Incoming Email Subtab

The Incoming Email subtab, under Site Management > Settings > Email, lets you configure the incoming email service that enables flexible approval. Flexible approval allows an approver to approve or reject requests from outside the enterprise network without logging in to App Portal. This provides a speedy, on-the-go approval (or rejection) process and delivery of the request without delays. The monitoring email address receives the approvals or rejections that approvers send by email. Once the Incoming Email subtab fields are set, an approver can approve or reject a request by replying to an email notification with a predefined keyword (for example, Approve or Reject, or any other keyword defined in the keyword notification templates) along with any additional comments. The system then parses these email responses and approves or rejects the request based on the keyword provided in the reply.

App Portal supports the following authentication types for connecting to the incoming email service:

Basic Authentication
Modern Authentication/Outlook

Basic Authentication

The Site Management > Settings > Email > Incoming Email > Basic Authentication view includes the following properties:

Basic Authentication Properties

| Property | Description |
| --- | --- |
| Mail Server Type | The Mail Server type used by the approver: IMAP or POP3. |
| Mail Server | The IP address or Domain name of the IMAP or POP3 mail server. |
| Port | The port for the Mail Server of type IMAP or POP3. |
| SSL | Select this option to use SSL to receive email. Out of the box, this is enabled. |
| Email | The email address of the App Portal monitoring mailbox that receives replies from the approver. |
| Password | The email password of the App Portal monitoring mailbox that receives replies from the approver. Note: If using Gmail, use the application password. |
| Test | Click the Test button to validate Incoming Email configurations. This displays the settings along with a message. If settings are valid, the validation message says “Incoming Email configuration settings are valid.” If settings are not valid, a validation message says, “Incoming Email configuration settings are invalid! Please recheck the Server, Port, and SSL details.” |
| Scanning Interval | The frequency (set in minutes) to monitor the mailbox which receives email responses from the Approver. |

Modern Authentication/Outlook

Refer to the following subsections for full information, including how to enter Outlook connection settings in App Portal / App Broker:

Gather Prerequisites for Outlook Configuration
Configure Permissions Required for the Application in Azure Portal
Configure Outlook Settings

Gather Prerequisites for Outlook Configuration

The steps below describe how to capture app registration details from Azure Portal for configuring Outlook in App Portal.

1. Log in to portal.azure.com as an administrator.
2. Hover over the username at the top right corner and observe the value of Directory, which shows both a name and an ID. The Directory value maps to the Tenant ID/Tenant Name field in App Portal for Outlook configuration.
3. Under Azure Services, click App Registrations.
4. Register the app by clicking New Registration. Follow the steps in Microsoft’s instructions at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
5. Once the app registration is done, make a note of the following settings:
   Application (client) ID: The value of this is mapped to the Client ID field in App Portal for Outlook configuration.
   Object ID: The value of this is mapped to the Principal ID field in App Portal for Outlook configuration.

Note: To get the Object ID, click Overview and, under the Essentials section, click the value of Managed Application in the Local Directory (app name). This redirects to another page where you need to copy the Object ID value from the Properties section. This value needs to be entered in the Principal ID field in App Portal for Outlook configuration.

6. After the app registration, click Certificates and Secrets and click New Client Secret.
7. Enter a description and expiry date, and click Add. Observe that a value gets added under the Value field and record the value.

Important: This value must be entered as the Client Secret in App Portal for its Outlook configuration settings.

Configure Permissions Required for the Application in Azure Portal

The minimum permissions required for the application registered for Outlook to communicate with App Portal are:

Application.Read.All
Mail.ReadWrite
User.Read.All

To configure these permissions:

1. Navigate to API Permissions > Add a Permission > Microsoft Graph.
2. Click Application Permissions in the next section and use a filter to search for a specific permission.
3. Select the permission and click the Add Permissions button.

This should add the selected permissions to the grid.

4. Click Grant Admin Consent For {Tenant Name}.

To restrict the API permission so that it can read only the monitoring mailbox in Exchange Online, complete the steps explained in Microsoft’s instructions here:

https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-mail-enabled-security-groups

Note: Confirm that permission to the API is restricted to the incoming service mailbox by using the Test-ApplicationAccessPolicy command as explained in the link above.
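Mail.ReadWrite granted as an application permission applies to every mailbox in the tenant until an application access policy scopes it. The following added example (not taken from the App Portal documentation) shows one way to scope the app to the monitoring mailbox and confirm the result with Test-ApplicationAccessPolicy; the group name, alias, mailbox addresses and AppId are placeholders.

```powershell
# Added example. All identifiers below are placeholders (assumptions), not values from the page.
$AppId      = '<application-client-id>'           # Application (client) ID of the app registration
$Monitoring = 'appportal-approvals@example.com'   # constructed monitoring mailbox address
$OtherUser  = 'someone.else@example.com'          # constructed mailbox that must stay out of scope
$GroupName  = 'AppPortal-Monitoring-Scope'        # hypothetical group name

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Mail-enabled security group whose only member is the monitoring mailbox.
New-DistributionGroup -Name $GroupName -Alias 'appportal-scope' -Type Security -Members $Monitoring

# Restrict the app so it can reach only mailboxes that are members of that group.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $GroupName `
    -AccessRight RestrictAccess -Description 'App Portal: monitoring mailbox only'

# Positive check: the monitoring mailbox must be reachable by the app.
$allowed = Test-ApplicationAccessPolicy -Identity $Monitoring -AppId $AppId
# Negative check: any mailbox outside the group must be refused.
$blocked = Test-ApplicationAccessPolicy -Identity $OtherUser -AppId $AppId

[pscustomobject]@{
    MonitoringMailbox = $allowed.AccessCheckResult   # expected: Granted
    OtherMailbox      = $blocked.AccessCheckResult   # expected: Denied
}

if ($allowed.AccessCheckResult -ne 'Granted' -or $blocked.AccessCheckResult -ne 'Denied') {
    Write-Warning 'Application access policy is not scoped to the monitoring mailbox only.'
}
```

Run the negative check against at least one mailbox outside the group; a policy that only shows Granted for the monitoring mailbox does not prove that other mailboxes are out of reach. Policy changes can take time to reach Microsoft Graph, so repeat the check before relying on it.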

Configure Outlook Settings

Outlook settings need to be entered when the Modern Authentication/Outlook type is selected.

The Site Management > Settings > Email > Incoming Email > Modern Authentication/Outlook view includes the following properties:

Modern Authentication/Outlook Properties

| Property | Description |
| --- | --- |
| Microsoft Graph URL | Default value: https://graph.microsoft.com. This field can be configured with country-specific Government URL. For example, for US government the URL will be https://graph.microsoft.us. |
| Azure Authentication URL | Default value: https://login.microsoftonline.com. This field can be configured with country-specific Intune Government URL. For example, for US government the URL will be https://login.microsoftonline.us. |
| Tenant ID/Tenant Name | Enter the Tenant ID or Tenant Name of the Outlook instance. |
| Client ID | Enter the Client ID of the Outlook instance. |
| Client Secret | Enter the Client Secret of the Outlook instance. |
| Principal ID | Enter the Principal ID of the Outlook instance. This is the unique ID of the service principal object associated with this application. |
| Email | The email address of the App Portal monitoring mailbox that receives replies from the approver. |
| Test | Click to test the current connection settings. If the test is successful, the validation message reports the following: Incoming Email configuration settings are valid. Required permissions are successfully validated. |
| Scanning Interval | The frequency (set in minutes) to monitor the mailbox which receives email responses from the Approver. |
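The following added example (not App Portal code) shows how the Azure Authentication URL, Microsoft Graph URL, tenant, Client ID and Client Secret fields combine in an OAuth 2.0 client-credentials request, and checks that the issued token carries exactly the three Graph application permissions listed on this page. The tenant and client values are placeholders, and the token is decoded for inspection only, not validated.

```powershell
# Added example. Tenant and client values are placeholders (assumptions), not values from the page.
$AuthUrl  = 'https://login.microsoftonline.com'   # Azure Authentication URL field
$GraphUrl = 'https://graph.microsoft.com'         # Microsoft Graph URL field
$TenantId = '<tenant-id-or-name>'                 # Tenant ID/Tenant Name field
$ClientId = '<application-client-id>'             # Client ID field
$Expected = 'Application.Read.All', 'Mail.ReadWrite', 'User.Read.All'

# Prompt for the secret so it is not stored in the script or in shell history.
$secure = Read-Host -Prompt 'Client secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

# Client-credentials request against the v2.0 token endpoint of the chosen cloud.
$token = Invoke-RestMethod -Method Post -Uri "$AuthUrl/$TenantId/oauth2/v2.0/token" -Body @{
    grant_type    = 'client_credentials'
    client_id     = $ClientId
    client_secret = $secret
    scope         = "$GraphUrl/.default"
}

# Decode the JWT payload (base64url, padding restored) to read the 'roles' claim.
$payload  = $token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
$payload += '=' * ((4 - $payload.Length % 4) % 4)
$claims   = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json

# Compare the granted application permissions with the documented minimum set.
$extra   = @($claims.roles | Where-Object { $_ -and $_ -notin $Expected })
$missing = @($Expected | Where-Object { $_ -notin $claims.roles })

[pscustomobject]@{
    AppId   = $claims.appid
    Missing = $missing -join ', '   # permissions App Portal needs but the app lacks
    Extra   = $extra -join ', '     # permissions beyond the documented minimum
}

if ($extra.Count -gt 0) {
    Write-Warning "App registration holds more Graph permissions than required: $($extra -join ', ')"
}
```

For a government cloud, change both `$AuthUrl` and `$GraphUrl` together (for example, the US government values given in the table above), since a token issued by one cloud's authentication endpoint is not accepted by another cloud's Graph endpoint.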