Unable to Configure MS Auth 2.0 Email Monitor

Please see the screen capture (https://app.screencast.com/U1ghuw4IIQYkJ) and let me know what is missing from our configuration.

I am trying to create a new email auth account using MS Auth2.0. I am logged into TDAdmin as myself and have been added to the Azure configuration as an Admin for the monitor email account. However, whenever I try to generate the tokens, I get the following error and am unable to generate the tokens. As the screen capture shows, the monitor email, myself, and uoregon.edu should have permission to generate the tokens.

Any ideas?

Thanks, Tevis



 

Asked by Tevis Boulware on Wed 3/22/23 6:31 PM

Answer (1)

This answer has been marked as the accepted answer
Mark Sayers Thu 3/23/23 10:18 AM

Hello Tevis,

Do you happen to be signing in to TDX around SSO when you sign in?

Or at least, before you click the button to generate tokens for the auth account, are you opening a new browser tab in the same browser window, going to O365.com, signing in, and then signing out of O365? If no, I'd do that before trying this again.

Sincerely,
Mark Sayers
Sr Support Consultant, CS

2 of 2 users found this helpful.
Hi Mark, you can close this ticket. This was an issue on "our side." Our Azure admins added a new security setting to the Azure Application settings, "Assignment Required," which prevented a logged-in Admin user, like me, from generating the tokens. This setting requires that the email role account admin sign into TDXAdmin through SSO, which is not possible.

The workaround is to initially configure the Azure application with the "Assignment Required" property set to "off"; then, a TDX Admin can generate the tokens. Once the tokens are generated, the "Assignment Required" property can be set to "on."

Let me know if you have any questions.

Tevis
- Tevis Boulware Mon 3/27/23 5:32 PM
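
The workaround described in the comment above, sketched with the Microsoft Graph PowerShell SDK as an added example (not part of the original thread and not TeamDynamix's own tooling). The application display name is a placeholder, and the script assumes the signed-in operator is allowed to update the enterprise application; the `finally` block restores the setting even if the token step is interrupted.

```powershell
# Added example; the display name below is a placeholder, not a value from the thread.
$AppDisplayName = '<enterprise-application-display-name>'

Connect-MgGraph -Scopes 'Application.ReadWrite.All' | Out-Null

# "Assignment Required" in the portal corresponds to the
# appRoleAssignmentRequired property on the application's service principal.
$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (@($sp).Count -ne 1) {
    throw "Expected exactly one service principal named '$AppDisplayName', found $(@($sp).Count)."
}

# Remember the starting state so the script only restores what it changed.
$original = [bool]$sp.AppRoleAssignmentRequired
Write-Host "Assignment Required is currently: $original"

try {
    if ($original) {
        Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$false
        Write-Host 'Assignment Required set to off.'
    }
    # Manual step from the thread: a TDX Admin generates the tokens.
    Read-Host 'Generate the tokens in TDAdmin now, then press Enter' | Out-Null
}
finally {
    if ($original) {
        Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
        # Read the property back so a failed restore is not missed.
        $check = Get-MgServicePrincipal -ServicePrincipalId $sp.Id
        if (-not $check.AppRoleAssignmentRequired) {
            throw 'Assignment Required was NOT restored; re-enable it manually.'
        }
        Write-Host 'Assignment Required restored to on.'
    }
}
```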