Question
Kelly Services
US
Last activity: 7 Jun 2022 14:19 EDT
Email Account Using Microsoft Graph As Receiver With Office 365 Email Provider In 8.4.3 Doesn't Work
Hello All,
Our organization is migrating from the IMAP (using user name and password) approach to Microsoft Graph with Office 365 using OAUTH 2.0.
Hence, my application built on PegaRules 8.4.3 Cloud, has to upgrade all the current email account rules that were configured with IMAP (using user name and password) to Microsoft Graph with Office 365 email provider using OAUTH 2.0.
We came to know from the help that Pega is limiting the grant type of the OAUTH profile to either Client Credentials or Password Credentials. Clearly we cannot use the Password credentials as this is what our organization messaging team are deprecating, hence the only option left for us it to set up the OAUTH 2.0 profile with Client credentials.
Hence, we started this migration procedure with the help of messaging team and we have created the new OAUTH 2.0 profile with grant type as Client credentials.
We have configured OAUTH2.0 profile as below:
Hello All,
Our organization is migrating from the IMAP (using user name and password) approach to Microsoft Graph with Office 365 using OAUTH 2.0.
Hence, my application built on PegaRules 8.4.3 Cloud, has to upgrade all the current email account rules that were configured with IMAP (using user name and password) to Microsoft Graph with Office 365 email provider using OAUTH 2.0.
We came to know from the help that Pega is limiting the grant type of the OAUTH profile to either Client Credentials or Password Credentials. Clearly we cannot use the Password credentials as this is what our organization messaging team are deprecating, hence the only option left for us it to set up the OAUTH 2.0 profile with Client credentials.
Hence, we started this migration procedure with the help of messaging team and we have created the new OAUTH 2.0 profile with grant type as Client credentials.
We have configured OAUTH2.0 profile as below:
- Client Identifier = Messaging team provided by creating app in their Azure
- Client Secrete = Messaging team provided by creating app in their Azure
- Scope = https://graph.microsoft.com/.default (this is mandatory, without this, we cannot establish connection, and the value is generic provided by Microsoft)
- Access token end point URL = https://login.microsoftonline.com/organizations/oauth2/v2.0/token (this is mandatory, without this, we cannot establish connection, and the value is generic provided by Microsoft)
Now, when we tested our connection from email account rule using "Test Connectivity" in the receiver section, then we get the exception which is attached as a screen shot.
Response code 401, Unauthorized Handling error response Deserializing type GraphErrorResponse Graph service exception Error code: NoPermissionsInAccessToken Error message: The token contains no permissions, or permissions can not be understood.
We tried the same in postman tool and get the same error.
When messaging team tries to get Microsoft support teams help, they claimed that they cannot configure an app in Azure without a re-direct URL.
Which is available only if OAUTH2.0 profile is configured with grant type as "Authorization code, which is limited when Microsoft Graph is selected via email account rule.
Now, we are kind of in a confusion state and kind of stuck here and neither team (Pega or Messaging team) know how to resolve this issue.
If this feature was provided by Pega, then
- How they tested this?
- Are we missing any permissions or configuration setting either from app or cloud perspective?
- Did anyone implemented Microsoft Graph option from email account?
Any assistance or hint here is much appreciated.
Accepted Solution
Updated: 15 Jan 2021 13:31 EST
Kelly Services
US
Hello All,
The problem is resolved. Thanks to the Pega support team for helping me to resolve this issue. The incident ticket that was created for this issue is INC-151612 if anyone want's to refer.
After we follow the attached document and especially provided the required permissions as per the document in Azure app configuration, this problem is resolved.
Accepted Solution
Updated: 15 Jan 2021 13:31 EST
Kelly Services
US
Hello All,
The problem is resolved. Thanks to the Pega support team for helping me to resolve this issue. The incident ticket that was created for this issue is INC-151612 if anyone want's to refer.
After we follow the attached document and especially provided the required permissions as per the document in Azure app configuration, this problem is resolved.
Northbridge Financial
CA
@GiriKonatham: Hi, I have tried to use the Microsoft Graph API and found that the Pega Email Listener when configured using this protocol is not able to read emails wherein there is an email attachment. It only processes the parent email and the attachments inside it which in this case is an email is not being able to be read. Could you please confirm if an email with an email as an attachment is being able to be processed by the Pega Listener which is using the Microsoft Graph API from your end ?
Thanks,
Siva
Capgemini Financial Services
GB
@Sivaraman This was supposedly a bug in PEGA 8.4 version. This was resolved to some extent in 8.5.2 but further we identified issue with attachment getting dropped. Finally we got hotfix to resolve all attachment issue after lots of tracing and digging the services calls.
Srinsoft Technologies
IN
@Giri Konatham I'm trying to configure the same. I have followed all the steps and still getting 401.
"Access token endpoint invocation failed : {ErrorMessage=Response status : 401 Unauthorized, statuscode=401}"
Not sure if any other configuration from Azure AD is needed. Can you add the platform configuration that needs to be done in Azure AD (like what is the redirect URI for web platform)?