Trouble generating new MS OAuth 2.0 email auth account token

Hi

We are trying to create a new MS OAuth 2.0 application email auth account. This is replacing a Basic (IMAP) account.

After entering the Client ID and Client Secret, I try to generate the token, Microsoft asks to sign on with the email/password. It then asks to request for approval. Our MS admin approved it. But when I tried to generate the token again, it asks for approval again.

I am logged in Admin as the Email Service account.

Asked by Chuck Renninger on Tue 1/25/22 4:32 PM
Sign In to leave feedback or contribute an answer

Answers (2)

This answer has been marked as the accepted answer
Mark Sayers Tue 1/25/22 5:01 PM

Hello Chuck,

You shouldn't need to be signed in to TDAdmin as the email account user in order to generate the auth tokens. At worst you might need to sign in to TDAdmin (as yourself) around SSO, in a browser/session that has not already initiated an SSO session.

So to do that you'd go to help.vccs.edu/tdadmin/logintdauth.aspx and use the local TDX username for your account and your non-sso local password.

Sincerely,
Mark Sayers
Sr Support Consultant, CS

No feedback
Hi Mark
We got around the auth token issue.
I was logged in Admin as myself with the local password. When we clicked the generate token button, our MS admin had to log in to MS with his admin account. I was logging in with the email account when it kept asking for approval. Meanwhile MS was sending emails to the inbox and they were being processed as tickets which is what we expect. But once the token was generated, emails to the inbox are no longer getting processed. When I inactivate/activate the monitor, I get:
Could not find or access inbox folder: Inbox
ErrorCould not find or access processed folder: Processed
ErrorCould not find or access unsuccessful folder: Unprocessed
ErrorYour monitor was not activated.

The auth account field is showing the new value.
If I try to create a new email monitor, it says one already exists, even though it is inactive. I also re-entered the TD username password. - Chuck Renninger Fri 1/28/22 10:29 AM
So the Admin account might have allowed the access token to be generated, but if that administrator's account in Azure doesn't actually have full access to that email account then it would not allow our system to successfully connect to the mailbox and begin monitoring. - Mark Sayers Fri 1/28/22 12:27 PM
Chuck Renninger Mon 2/7/22 4:40 PM

Hi Mark

Our admin  gave the account full access to the email account. We re-created the auth account, generated the tokens and marked it active. But we're still not able to activate the monitor.  It's still giving the  'Could not find or access inbox folder: Inbox' errors. Any other ideas? Or could we schedule a Zoom session?

Thanks.

No feedback
I'd suggest submitting a support ticket first (rather than continuing in this open questions forum), as we likely need to collect a bit more information from you including some screen shots of the auth account config page and the config page of the email monitor. - Mark Sayers Mon 2/7/22 4:47 PM
Were you able to resolve this error? We're seeing something similar. - Christopher North Wed 2/16/22 11:32 AM
They ended up generating the access token using the credentials of the mailbox being monitored. I don't believe there was much beyond that which needed addressing, but definitely submit a support ticket if you are finding you need additional support. - Mark Sayers Wed 2/16/22 11:59 AM