Turned on Modern Authentication in AzureAD, sign in logs still showing email monitors using Basic Authentication

Hello,

I followed the instructions here:

https://solutions.teamdynamix.com/TDClient/1965/Portal/KB/ArticleDet?ID=105410

I set the callback URL, got the Secret and Value ID through the Applications in AzureAD.

Was there another step I was supposed to take?

Thanks!

Asked by Azhar Alsaady on Mon 9/12/22 12:05 PM
Sign In to leave feedback or contribute an answer

Answers (2)

This answer has been marked as the accepted answer
Azhar Alsaady Mon 9/12/22 2:33 PM

Hi Mark!

 

Thank you I believe I got that taken care of in Azure AD. I just need to configure the TDX side. 

 

2 questions:

 

  1. Can one web service Auth account be used for all TDX email monitors?
  2. What is the SCOPE that most users use when setting up email monitors?

 

Thanks!

No feedback
1. Yes.
2. The scope is created automatically based on the permissions you've granted the app registration and based on which type of OAuth you are trying to use. - Mark Sayers Mon 9/12/22 2:35 PM
I have 4 different scopes in Azure AD:

imap.acccessasuser.all
mail.readwrite
profile
user.read

Which one of these should I be using in the Scope field in TDX Admin? - Azhar Alsaady Mon 9/12/22 2:39 PM
I'm not understanding the question because the Scope field is *not* available for editing in Admin when you are generating your OAuth type auth account. It is populated automatically based on whether you are wanting to create an OAuth IMAP or OAuth 2.0 type account, and specifically it populates *after* you generate the access token.

If you're creating an OAuth IMAP type auth account, then the scope that gets *automatically* generated will include imap.acccessasuser.all . If you're creating an OAuth 2.0 type account, it will generate a scope that includes imap.acccessasuser.all , mail.readwrite , and user.read . But you personally will not fill in a Scope field ever. - Mark Sayers Mon 9/12/22 2:44 PM
Got it! Ok let me generate the token and see if it generates automatically. thanks! - Azhar Alsaady Mon 9/12/22 2:52 PM
Mark Sayers Mon 9/12/22 2:25 PM

Hello Azhar,

Those instructions were for setting up the Azure side of the OAuth setup. You still need to access TDAdmin, create new Auth accounts that are of type OAuth, generate an access token for each one, and set your email monitors to use the new auth account.

I recommend you sign in to TDAdmin around SSO (with your account, but using the SSO bypass sign on URL). That URL would look like https://yourTDXdomain/tdadmin/logintdauth.aspx . You'll need to know your local TDX credentials.

Sincerely,

Mark Sayers

Sr Support Consultant, CS

No feedback