Turned on Modern Authentication in AzureAD, sign in logs still showing email monitors using Basic Authentication
Hello,
I followed the instructions here:
https://solutions.teamdynamix.com/TDClient/1965/Portal/KB/ArticleDet?ID=105410
I set the callback URL, got the Secret and Value ID through the Applications in AzureAD.
Was there another step I was supposed to take?
Thanks!
Answers (2)
Hi Mark!
Thank you I believe I got that taken care of in Azure AD. I just need to configure the TDX side.
2 questions:
- Can one web service Auth account be used for all TDX email monitors?
- What is the SCOPE that most users use when setting up email monitors?
Thanks!
2. The scope is created automatically based on the permissions you've granted the app registration and based on which type of OAuth you are trying to use. - Mark Sayers Mon 9/12/22 2:35 PM
imap.acccessasuser.all
mail.readwrite
profile
user.read
Which one of these should I be using in the Scope field in TDX Admin? - Azhar Alsaady Mon 9/12/22 2:39 PM
If you're creating an OAuth IMAP type auth account, then the scope that gets *automatically* generated will include imap.acccessasuser.all . If you're creating an OAuth 2.0 type account, it will generate a scope that includes imap.acccessasuser.all , mail.readwrite , and user.read . But you personally will not fill in a Scope field ever. - Mark Sayers Mon 9/12/22 2:44 PM
Hello Azhar,
Those instructions were for setting up the Azure side of the OAuth setup. You still need to access TDAdmin, create new Auth accounts that are of type OAuth, generate an access token for each one, and set your email monitors to use the new auth account.
I recommend you sign in to TDAdmin around SSO (with your account, but using the SSO bypass sign on URL). That URL would look like https://yourTDXdomain/tdadmin/logintdauth.aspx . You'll need to know your local TDX credentials.
Sincerely,
Mark Sayers
Sr Support Consultant, CS