You can set up an OAuth2 provider for IMAP e-mail accounts, Microsoft Exchange Online, and online meetings with Microsoft Teams in order to use the respective functions.
Afterwards, the parameters from both registrations are entered in the Miscellaneous area on the OAuth2 tab.
The authentication method can then be used when creating or changing an e-mail account, and users can work in online meetings.
After a user has logged on to the corresponding OAuth2 page in the browser, the response is returned by Azure via a redirect URL, for example, localhost:Port.
If you do not define a specific setting, a random port is used. Limit the range to a specific port so that firewall restrictions on the computer can be taken into account.
You can find more information on redirect URLs in the corresponding Microsoft documentation.
Depending on the selected account type, the interfaces for authenticating users and acquiring access and refresh tokens from Microsoft are called with different parameters. Please refer to the corresponding Microsoft documentation if required.
You need to enter a value predefined by Microsoft into the Tenant ID field.
OAuth2 can be used as the authentication method for e-mail accounts in CAS genesisWorld. At the moment, Microsoft Exchange Online is supported as the OAuth2 provider. As only this provider is currently supported, only settings for this provider are available.
The administrator defines the necessary settings for the authentication method in the Management Console.
OAuth2 can be defined both in the wizard when creating an e-mail account and also in the properties of an existing e-mail account.
OAuth2 is supported for all functions which use the IMAP or SMTP protocols and is available in the Management Console, in the Server Manager and in the configuration wizard of the Update Service. Basic authentication can then be switched off for Exchange Online.
OAuth2 parameters for IMAP can be saved to and loaded from a file in the Management Console, in the Server Manager and in the configuration wizard for the Update Service.
If CAS genesisWorld is already registered on the Microsoft Azure Portal and the Mail.Send right has been set for the application, then you do not need to register a new application for SMTP.
The parameters for the application to be registered are:
For the Azure Portal, we recommend including CAS genesisWorld at the beginning of the name or as part of the name.
A descriptive name serves two purposes so that the origin can be identified more easily at a later time: the application can be recognized as CAS genesisWorld in the Azure Portal, and vice versa.
Type of application: Web
Redirect URI for the application: http://localhost
Copy the value immediately after generating it, as the value will not be displayed again later.
The following permissions are required for Exchange Online:
IMAP.AccessAsUser.All
offline_access
SMTP.Send
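The following is an added example (not CAS genesisWorld code) that assembles, without any network access, the pieces an IMAP/SMTP client needs for the flow described above: the tenant-specific Microsoft endpoint, the browser authorization URL with the loopback redirect and the three permissions listed, the form bodies for exchanging the code and for refreshing tokens, and the SASL XOAUTH2 response sent to IMAP or SMTP. It assumes the v2.0 endpoints under login.microsoftonline.com and the Exchange Online scope URIs shown in the code; the client ID, port and token values are constructed placeholders.

```python
"""Pieces of the OAuth2 authorization-code flow against the Microsoft identity
platform for Exchange Online IMAP/SMTP. Added example, not product code.
Assumptions: v2.0 endpoints under login.microsoftonline.com and the scope URIs
in EXCHANGE_SCOPES. All IDs and tokens used in the demo are constructed."""
import base64
import urllib.parse

AUTHORITY = "https://login.microsoftonline.com"

# Delegated scopes matching the permissions listed in the text (assumed URIs).
EXCHANGE_SCOPES = [
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
    "offline_access",  # required to receive a refresh token
]


def _looks_like_guid(value: str) -> bool:
    """Directory (tenant) IDs are GUIDs: 8-4-4-4-12 hex groups."""
    parts = value.split("-")
    return [len(p) for p in parts] == [8, 4, 4, 4, 12] and all(
        all(c in "0123456789abcdefABCDEF" for c in p) for p in parts)


def authority_for(tenant_id: str) -> str:
    """Endpoint prefix for a tenant. Microsoft predefines the aliases 'common',
    'organizations' and 'consumers'; a directory GUID restricts logon to one
    organization. Anything else is rejected so a typo cannot send the browser
    to an unexpected login page."""
    tenant = tenant_id.strip()
    if tenant not in {"common", "organizations", "consumers"} and not _looks_like_guid(tenant):
        raise ValueError(f"tenant id must be a predefined alias or a directory GUID: {tenant!r}")
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0"


def build_authorize_url(tenant_id: str, client_id: str, redirect_port: int,
                        state: str, scopes=EXCHANGE_SCOPES) -> str:
    """URL opened in the browser; Azure redirects back to the fixed loopback port.
    `state` is an unguessable per-request value the callback must echo back."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": f"http://localhost:{redirect_port}",
        "scope": " ".join(scopes),
        "state": state,
        "response_mode": "query",
    }
    return f"{authority_for(tenant_id)}/authorize?{urllib.parse.urlencode(params)}"


def token_request_body(client_id: str, redirect_port: int, *, code: str = None,
                       refresh_token: str = None, client_secret: str = None) -> dict:
    """Form body for POST <authority>/token: the first call exchanges the code,
    later calls use the refresh token obtained through offline_access."""
    body = {"client_id": client_id, "scope": " ".join(EXCHANGE_SCOPES)}
    if code is not None:
        body.update(grant_type="authorization_code", code=code,
                    redirect_uri=f"http://localhost:{redirect_port}")
    elif refresh_token is not None:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        raise ValueError("need either code or refresh_token")
    if client_secret:  # only for a confidential ("Web") application registration
        body["client_secret"] = client_secret
    return body


def xoauth2_initial_response(user: str, access_token: str) -> bytes:
    """SASL XOAUTH2 client response used by IMAP AUTHENTICATE and SMTP AUTH:
    base64("user=<user>^Aauth=Bearer <token>^A^A")."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8"))


def decode_xoauth2(initial_response: bytes) -> dict:
    """Inverse of xoauth2_initial_response, handy when reading a protocol trace."""
    raw = base64.b64decode(initial_response).decode("utf-8")
    return dict(part.split("=", 1) for part in raw.split("\x01") if part)


if __name__ == "__main__":
    print(build_authorize_url("organizations", "CONSTRUCTED-CLIENT-ID", 3017, "CONSTRUCTED-STATE"))
    print(token_request_body("CONSTRUCTED-CLIENT-ID", 3017, code="CONSTRUCTED-CODE"))
    print(decode_xoauth2(xoauth2_initial_response("user@example.com", "CONSTRUCTED-TOKEN")))
```

When using the standard library clients, pass the un-encoded string rather than the base64 form: imaplib's `IMAP4.authenticate("XOAUTH2", lambda _: raw_bytes)` and smtplib's `SMTP.auth("XOAUTH2", lambda challenge=None: raw_str)` both apply base64 themselves.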
New opens the Settings of the OAuth2 provider.
Enter, for example, Exchange Online. With this descriptive name, you cover the viewpoint from CAS genesisWorld to the Azure Portal and make identification easier, as the Title is displayed in the e-mail account settings.
During the OAuth2 authentication, the open browser window performs a callback to CAS genesisWorld to pass on the authorization received from the e-mail provider. To do this, the system briefly opens a TCP port locally.
With a corresponding exception in the firewall, requests via this TCP port are not blocked; access from the internet to these ports must not be enabled.
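The following is an added example (not CAS genesisWorld code) of such a loopback callback listener. It illustrates the two points above: the port is fixed so the firewall exception can be narrow, and the socket is bound to 127.0.0.1 only, so the port is never reachable from the network regardless of firewall settings. It also checks the `state` value of the redirect, so a forged request to the local port cannot inject a foreign authorization code. The `demo` function stands in for the browser by issuing the redirect locally; the code value and port are constructed for the demo.

```python
"""Loopback redirect listener for an OAuth2 authorization-code flow.
Added example, not product code. Binds to 127.0.0.1 only, serves exactly
one request, and rejects redirects whose `state` does not match."""
import hmac
import http.server
import secrets
import socketserver
import threading
import urllib.error
import urllib.parse
import urllib.request


class _CallbackHandler(http.server.BaseHTTPRequestHandler):
    """Handles the single GET the browser sends to http://localhost:PORT/?code=...&state=..."""

    def do_GET(self):
        params = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        state = params.get("state", [None])[0]
        code = params.get("code", [None])[0]
        expected = self.server.expected_state
        if not state or not hmac.compare_digest(state.encode(), expected.encode()):
            self.server.result = {"error": "state mismatch"}
            self._reply(400, b"Invalid state; authorization rejected.")
        elif code is None:
            # Provider-side refusal, e.g. ?error=access_denied
            self.server.result = {"error": params.get("error", ["no code"])[0]}
            self._reply(400, b"No authorization code received.")
        else:
            self.server.result = {"code": code}
            self._reply(200, b"Authorization received. You can close this window.")

    def _reply(self, status: int, body: bytes):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass


class LoopbackRedirectServer(http.server.HTTPServer):
    """HTTP server bound to the loopback interface only."""

    def __init__(self, port: int, expected_state: str):
        # "127.0.0.1", never "" or "0.0.0.0": only the local browser can reach it.
        super().__init__(("127.0.0.1", port), _CallbackHandler)
        self.expected_state = expected_state
        self.result = None

    def server_bind(self):
        # Skip HTTPServer's reverse-DNS lookup of the bind address; not needed here.
        socketserver.TCPServer.server_bind(self)
        self.server_name = "localhost"
        self.server_port = self.server_address[1]


def new_state() -> str:
    """Unguessable per-request value sent in the authorize URL."""
    return secrets.token_urlsafe(32)


def receive_authorization_code(server: LoopbackRedirectServer, timeout: float = 120.0) -> dict:
    """Serve exactly one request, then close the port again."""
    server.timeout = timeout
    try:
        server.handle_request()
    finally:
        server.server_close()
    return server.result or {"error": "timeout"}


def _simulate_browser_redirect(port: int, query: str) -> int:
    """Stand-in for the browser: GET the redirect URL and return the HTTP status."""
    try:
        with urllib.request.urlopen(f"http://127.0.0.1:{port}/?{query}", timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def demo(query_template: str, port: int = 0) -> tuple:
    """One simulated round trip. `{state}` in the template is replaced by the real
    state; port 0 lets the OS pick a free port for the demo (use a fixed port in practice)."""
    state = new_state()
    server = LoopbackRedirectServer(port, state)
    results = []
    worker = threading.Thread(target=lambda: results.append(receive_authorization_code(server, 5)))
    worker.start()
    status = _simulate_browser_redirect(server.server_address[1], query_template.format(state=state))
    worker.join()
    return status, results[0]


if __name__ == "__main__":
    print(demo("code=CONSTRUCTED_CODE&state={state}"))  # (200, {'code': 'CONSTRUCTED_CODE'})
    print(demo("code=CONSTRUCTED_CODE&state=forged"))   # (400, {'error': 'state mismatch'})
```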
After completing the setup of an e-mail account with the wizard and/or when closing the properties of an e-mail account, the registration page of the e-mail account is opened at the OAuth2 provider.
Registering with the OAuth2 provider can be skipped and all settings for an account can still be saved.
Whether a valid authentication of the user exists on the OAuth2 provider side is checked during access via an e-mail account. With the CAS genesisWorld e-mail client, this is done, for example, when displaying e-mails, opening e-mail views or with e-mail rules on the server.
The administrator may or may not define e-mail accounts and the default account for users. Depending on the administrator's settings, users may or may not set up e-mail accounts or a default account themselves and, if necessary, change predefined accounts.
Thus, as administrator, you can create e-mail accounts, perform the authentication with the OAuth2 provider, assign logon names and passwords, and inform users. Passwords can then be changed in CAS genesisWorld, for Windows and for the OAuth2 provider. Alternatively, these steps are performed completely or partially by the users themselves.
Online meetings for Microsoft Teams can be created and organized in the desktop client and in CAS genesisWorld Web. To work with these functions, users can use the Online meeting option in the data record window of an appointment.
In the Management Console, the OAuth2 provider must be defined for this functionality.
The parameters for the CAS genesisWorld application to be registered are:
Type of application: Public client/native
Redirect URI of the application: http://localhost:3017
Copy the value immediately after generating it, as the value will not be displayed again later.
API: Microsoft Graph
Type of permissions: Application permissions
Permissions: Calendars.ReadWrite and User.Read.All
The User.Read right is not sufficient. User.Read.All is required.
The administrator's consent for the added permissions must be granted.
The following parameters for online meetings must be entered in the Management Console at OAuth2 provider:
The UserPrincipalName of the organizer of the online meeting in the Microsoft Azure Portal must match the e-mail address of the organizer in CAS genesisWorld.
Only accounts from an organizational directory are supported in the Microsoft Azure Portal.
When saving an online meeting, problems can occur in Microsoft Teams which are logged with the following error message: StatusCode: -101; StatusText: CalendarID unknown.
In this case, you cannot access the Microsoft Teams calendar using the current CAS genesisWorld user account. Please check the following possible causes:
Assign the required user licenses for Microsoft Teams and the Exchange Online calendar.
Please note that changes in Azure take about 24 hours to apply.
Move the mailbox from on-premises to online. Then, the user's calendar can be accessed by CAS genesisWorld.