You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2023-01-04 20:58:01

claugiral
Member
Registered: 2015-04-13
Posts: 55

Authentication vía Oauth Imap

Hello GLPI Team,

GLPI 9.5.6

I was using the authentication against my office 365 mail server, until we configure the doble factor of authentication, after that, I couldent use it anymore.
I install the Oauth Imap pluggin to resolve this with the authentication against my azure server, but I face the problem that I have to add each user one by one as administrator in glpi and ask for its password to can get the token...

I´m doing something wrong? There is a way to configure it for each user can access automatically as they used to do it when the authentication was against the mail office 365?

The way I configure my azure and glpi:
1.    Register our app in Azure AD and get credentials (Application ID, Tenant ID and Client Secret)
2.    Grant it some permissions to access a user mailbox ( email, IMAP.AccessAsUser.All, offline_access, openid, User.Read)
3.    Install the plugin and configure with the credentials from Azure AD
4.    Create an authorization with our Oauth IMAP application in GLPI
5.    Create an authorization with our desired email (This is the step that I have now to do user by user, and ask eachone for his credentials)
6.    Create a collector (Receiver) with the authorization we created

I hope you can help me!

Offline

#2 2023-01-04 22:40:15

oneill2john
Member
Registered: 2022-05-07
Posts: 58

Re: Authentication vía Oauth Imap

For step 5 - you have to do this only for an email address that you will use for your helpdesk, not for every administrator.
For example, if your users send tickets to email "helpdesk@email.com", you have to add only this email account to your OAuth configuration (and you know password of this mailbox).

Offline

#3 2023-01-05 19:11:18

claugiral
Member
Registered: 2015-04-13
Posts: 55

Re: Authentication vía Oauth Imap

Thanks for your response, but is not clear to me, how the other users can access to the GLPI... maybe I´m doing something wrong? I I understand, when I configure the application GLPI in Azure, by default all my users should can access to glpi with his mail account??

My wish is that each user of my team can access automatically as they used to do it when the authentication was against the mail office 365

Offline

#4 2023-01-11 11:18:08

oneill2john
Member
Registered: 2022-05-07
Posts: 58

Re: Authentication vía Oauth Imap

If you want your users to be able to login to GLPI using their email addresses (SSO login), you have to go to: Setup > Authentications > Mail Servers.
Click Add.
Under Connection Options you should see your OAuth connections that you have previously configured in your OAuth IMAP plugin.
Fill the rest of the fields according to your needs.

Check GLPI documentation for more details: 

https://glpi-user-documentation.readthedocs.io/fr/latest/modules/configuration/authentication/index.html

Offline

Pages: 1

Board footer

Powered by FluxBB