Microsoft Office 365 Email Integration with Enate via Graph API model
Last updated
Last updated
You can sync Enate to Microsoft Office 365 email boxes and pull emails into Enate without needing to use POP3 or IMAP protocols via Graph API Integration. Read below to find out how to go about this.
To configure integration between Enate and Office 365, each unique Enate instance must be registered with the Microsoft Identity Platform in the Azure AD of the Office 365 tenant to which you need to establish connectivity.
To create the “App Registration” please follow the guide from Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.
When configuring the Enate App Registration the supported account types option should be chosen based on the mailboxes you wish to access. No redirect URI is required.
Once the App Registration is complete you must add credentials and setup permissions.
To add the required permissions follow the guide at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-permissions-to-access-web-apis. The only required API permission is an Application permission of Microsoft Graph\Mail.ReadWrite. It is important to select an “Application permission” and not a “Delegated permission”. Be sure to grant admin consent for the permission within the Azure AD tenant.
To create a credential follow the guide at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application. Enate supports Client Secrets and Certificates.
Finally to restrict the App Registration to only accessing certain mailboxes (strongly recommended) follow the Microsoft guide at https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access
After Azure AD has been configured to grant access, login to Enate Builder as a user with the “Can Edit Shared Configuration” permission.
Click the settings cog in the bottom left and open the “Office 365 Integration” pane and enter the details from your Azure AD App Registration.
The Tenant ID (aka Directory or Domain) and Application ID is shown on the Overview pane of the Azure AD App Registration; the client secret or certificate (and private key password) are supplied by you to both Azure AD and Enate.
You always use shared mailbox.
Click on the Office 365 Integration” pane and select whether you want to authenticate with a certificate (this is the recommended route as it is more secure), or whether you want to authenticate with client secret.
As part of this set up, an Office365 Certificate would need to be generated - Generating a certificate is an activity for your Office365 Administrator to undertake, and is done completely independent of Enate. For your reference we have provided below a SAMPLE of the kind of PowerShell script that can be used to generate such a certificate. It will save the Certificate with the private key (for Enate) to a PFX file and without the private key (for Azure):
Enter the Tenant ID/Domain and the Application ID, select the 'Authentication with Certificate' option, add the certificate file ( Personal Information File, .pfx) and enter the password for the certificate file.
Then click to check the connection. Once the connection has been successfully tested, click to save.
You have now successfully configured your Office 365 integration.
To authenticate with client secret code, enter the Tenant ID/Domain and the Application ID, select the 'Authentication with Client Secret' option, add the client secret code (this is generated by the network admin of your company).
Then click to check the connection. Once the connection has been successfully tested, click to save.
You have now successfully configured your Office 365 integration.
Once you have successfully configured your Office 365 integration, you can configure your Graph API Mailbox by going to the Email Connectors page and selecting to add a Graph API Connector.
Enter the name and email address of the shared mailbox to be used.
Then click to test the connection. Once the connection has been successfully tested, click to enable the Graph API connector and click to save. Your Graph API connector is now set up.
You can now create different Email Routes for the Graph API connector if you wish.
If a new email arrives from one of the folders configured in the connector and it matches the folder path specified in the email route and it passes any other routing rules, it will launch the process specified in the route.
If you don't specify the folder path and leave it blank or use a wildcard '*', emails from any of the the folders configured in the connector will create the process specified in the route, as long as all the other routing rules are matched as well.