externalcredentials

Differences

This shows you the differences between two versions of the page.

externalcredentials [2023/03/04 02:03] Justin Willey
externalcredentials [2023/03/04 02:39] (current) – [Microsoft Graph API] Justin Willey
Line 2: Line 2:
 Used to store credentials for integrations with external systems. Different data items will need to be completed depending on the nature of the external system. These credentials are available to be used by built-in commands like <SendEmail> or directly in Jobs. Used to store credentials for integrations with external systems. Different data items will need to be completed depending on the nature of the external system. These credentials are available to be used by built-in commands like <SendEmail> or directly in Jobs.
  
-More sensitive items are stored in the database using AES256 encryption. Once saved, only the last four characters are shown, preceded by ****. The number of asterisks is unrelated to the length of the underlying data. +More sensitive items are stored in the database using AES256 encryption. Once saved, only the last four characters are shown, preceded by %%****%%. The number of asterisks is unrelated to the length of the underlying data. 
  
-=== SMTP ===+When you click on New, you will be asked for the Name, the Type and a Description of the credential record you want to create. The type and description can be edited later, but the name cannot be changed subsequently, and will be used to identify these credentials elsewhere in IQX. Once you have supplied these values and clicked OK, a new form will open where the details can be entered.  
 + 
 +==== SMTP ====
  
 As a minimum, a name, description and a host address are required. If specified, the Email Address will be used as the SMTP Sender email, otherwise it must be specified in the <SendEmail> command. If no port is specified, 25 is assumed. User Name and Password must be specified if authentication is required. TLS can be ticked if required.  As a minimum, a name, description and a host address are required. If specified, the Email Address will be used as the SMTP Sender email, otherwise it must be specified in the <SendEmail> command. If no port is specified, 25 is assumed. User Name and Password must be specified if authentication is required. TLS can be ticked if required. 
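Review bot: the reworded sentence at the top of this hunk still says only that "More sensitive items" are stored using AES256 encryption, without naming them. Since the added paragraph now walks the reader through creating a record, list which fields are encrypted and masked (for example Password, and Client Secret in the Graph API section) so an administrator can tell which values are held in the database unencrypted. The added paragraph also states that the Name cannot be changed and is used to identify the credentials elsewhere in IQX; suggest advising readers to agree a naming convention before creating records, since a mistake cannot be corrected by renaming.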
Line 10: Line 12:
 If your email provider enforces two-factor authentication, or you find that you have issues with the valid credentials being rejected, you may need to set up and use an "App" password rather than using a standard password. These passwords are created for a single purpose and are used in conjunction with the normal user name.  For more information see [[https://support.google.com/accounts/answer/185833?hl=en|GMail]] or [[https://support.microsoft.com/en-gb/help/12409/microsoft-account-app-passwords-and-two-step-verification|Microsoft / Exchange / Azure / Outlook 365]] Be aware that changing the "main" password on the email account can result in any "App" passwords for that account being silently invalidated, and requiring regeneration.   If your email provider enforces two-factor authentication, or you find that you have issues with the valid credentials being rejected, you may need to set up and use an "App" password rather than using a standard password. These passwords are created for a single purpose and are used in conjunction with the normal user name.  For more information see [[https://support.google.com/accounts/answer/185833?hl=en|GMail]] or [[https://support.microsoft.com/en-gb/help/12409/microsoft-account-app-passwords-and-two-step-verification|Microsoft / Exchange / Azure / Outlook 365]] Be aware that changing the "main" password on the email account can result in any "App" passwords for that account being silently invalidated, and requiring regeneration.  
  
-=== Microsoft Graph API ===+==== Microsoft Graph API ====
  
 +=== Registering IQX as an application in Azure === 
 To use the Microsoft Graph API with IQX, you must first set up IQX as an Application in **your** Azure Active Directory using the Create Azure Active Directory application. To do this, log into **your** Microsoft Azure Portal as an **admin** user. Then select __Azure Active Directory__ followed by __App registrations__.  To use the Microsoft Graph API with IQX, you must first set up IQX as an Application in **your** Azure Active Directory using the Create Azure Active Directory application. To do this, log into **your** Microsoft Azure Portal as an **admin** user. Then select __Azure Active Directory__ followed by __App registrations__. 
  
 Next complete the __Name__ field as, for example, //IQX//, set __Supported account types__ to //Accounts in this organizational directory only// and set __Redirect URI__ to //Web// with http://localhost as the __URI__. Next complete the __Name__ field as, for example, //IQX//, set __Supported account types__ to //Accounts in this organizational directory only// and set __Redirect URI__ to //Web// with http://localhost as the __URI__.
  
-Now go back to __App registrations__ and select __All apps__. Select the App record you have just created and then select __API Permissions__. Select __+ Add a permission__ and in __Request API permissions__ select //Microsoft Graph//. Then configure __Application permissions__ and grant //Mail.Read// and //Mail.ReadWrite// permission to the App. Final ensure you choose __Grant admin consent for <your company name>__. Your settings should look something like this:+=== Granting permissions to IQX ===  
 +Now go back to __App registrations__ and select __All apps__. Select the App record you have just created and then select __API Permissions__. Select __+ Add a permission__ and in __Request API permissions__ select //Microsoft Graph//. Then configure __Application permissions__ and grant //Mail.Read// and //Mail.ReadWrite// permission to the App. Finally ensure you choose __Grant admin consent for <your company name>__. Your settings should look something like this:
  
 {{:graphapipermissions.jpg?nolink|}} {{:graphapipermissions.jpg?nolink|}}
  
 +=== Setting up authentication for IQX ===
 +
 +Choose __Certificates and secrets__ from the right hand menu. Choose __Add a client secret__, give it a description and choose //Never// under __Expires__. Select __Add__ and copy the displayed Secret into the **Client Secret** field in IQX and then click on **Save & Refresh**. 
 +
 +Then back in Azure, choose __Authentication__ from the right hand menu. The screen should look something like this:
 +
 +{{:graphapiauthentication.jpg?nolink|}}
  
 +Now select and copy the __Application (client) ID__ into **Client ID** in IQX, and __Directory (tenant) ID__ into **Tenant ID** in IQX. Then click on **Save & Refresh** 
  
  
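Review bot: the added "Setting up authentication for IQX" step tells the reader to choose //Never// under __Expires__ for the client secret, while the permissions step in the same hunk grants //Mail.Read// and //Mail.ReadWrite// as Application permissions with admin consent. A non-expiring secret for an app holding those permissions stays usable indefinitely if it is ever disclosed; suggest recommending a finite expiry and adding a sentence on replacing the value in the **Client Secret** field in IQX before it lapses. Minor: the last added sentence, "Then click on **Save & Refresh**", is missing its full stop.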
  • externalcredentials.1677895432.txt.gz
  • Last modified: 2023/03/04 02:03
  • by Justin Willey