Email Monitor not connecting

Hello!

We have inherited a TDX environment where an Email Auth Account was already configured in the Ticketing app. I set up a monitor, but I keep getting the error below. My email folders are in the root as shown in the second image. I changed the email service account password and also updated it in the global email replies section and in the email monitor section in the Ticketing app. The auth account associated with the replies is working fine. However, could this be an email auth account problem in the Ticketing app? We inherited TDX with both Auth accounts set up. Can someone point me in the right direction? Thank you

Tags email monitor auth
Asked by Michael Rodriguez on Thu 10/12/23 9:19 PM

Answer (1)

This answer has been marked as the accepted answer
Mark Sayers Fri 10/13/23 9:22 AM

Hello Michael,

This sounds like someone who wasn't authorized to grant access to that mailbox was the one who generated the access token for its authentication account. To correct this issue, try the following:

  1. Sign in to TDAdmin
  2. Locate the auth accounts page for the account in question
  3. Click to Edit the OAuth auth account in question
  4. Before progressing, go to O365.com in a new tab
  5. Sign in then sign out of O365, then you can close the tab when complete
  6. Click the generate token button in the TDAdmin tab
  7. Sign in to the O365 page with the credentials of that mailbox (or at least with the Azure credentials of an account that has full Read/Manage permissions over the account) and accept the prompted permissions
  8. Save the auth account's page
  9. Enable the monitor's Active checkbox, and save

Sincerely,
Mark Sayers
Sr Support Consultant, CS

Hi Mark!
I am waiting for confirmation on whether my credentials have the level of access you mentioned in #7. Is this something that will either work if one has the proper permissions and not if it is slightly off? I am thinking about just attempting it, and if it works leave it like that.
- Michael Rodriguez Mon 10/16/23 7:44 PM
We generally advise if possible that you generate the access token for an auth account using the credentials of either the mailbox directly, or at least the credentials of an account that was created on the Azure side for the *specific* purpose of being a "service" type account, and which has been granted the administrative permissions to read and manage the mailbox(es) in question.

It is usually *not* advisable to use a direct user's credentials, just from the standpoint that "people" are not at an organization forever, and should you leave and your account get disabled, then any email monitors you had configured under your own account could then begin to fail. The better option is to set them up so they will continue to work should you ever leave.
- Mark Sayers Tue 10/17/23 9:22 AM
Hi Mark,
I thought I had this understood, but I then thought...I can create multiple email monitors per auth account. If I use credentials from one mailbox to generate the token in the auth account as you stated and as documentation states as best practice, what if I add another email monitor that has a different email address associated with it? Then select the same auth account I generated the token with the previous email. Is it that auth accounts and monitors are pairs and as we created them we do as pairs?
- Michael Rodriguez Thu 10/19/23 10:23 AM
If the account you generated the access token for that auth account with (the Azure account in O365) has permissions to read/manage that new mailbox too, then it should work to do that, yes.
- Mark Sayers Thu 10/19/23 10:35 AM