OAuth2 Email Access Tokens

Third-party email services from Google (Google Email) and Microsoft (Microsoft Azure) require that access to their mail servers be granted through a protocol named OAuth2. This is a token-based mechanism, and ExtraView supports it with automated rather than manual access. Because both incoming and outgoing email notifications in ExtraView are automated tasks, the complete authentication process is handled by the ExtraView administration utility named Access Tokens for 3rd Party Email Services. This utility allows the administrator to reach out to the email servers and receive a token that provides access. When the token expires, ExtraView refreshes it automatically, so that access continues without manual sign-ons to the email servers.

Before configuring the feature, please make sure your Apache Tomcat application server configuration file has the appropriate mount points for the OAuth2 connection. They will be similar to the following entries, with your instance’s <instance name> and <tomcat service name>:

JkMount /<instance name>/OAuth2 <tomcat service name>

JkMount /<instance name>/OAuth2/* <tomcat service name>
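One way to confirm that both mount points are present before starting the OAuth2 setup, as an added example that is not part of the ExtraView documentation. The function name check_oauth2_mounts, the instance name evj and the service name ajp13w are assumptions used for illustration.

```shell
#!/bin/sh
# check_oauth2_mounts CONF INSTANCE WORKER   (hypothetical helper name)
# Returns 0 when CONF holds both JkMount lines for the OAuth2 endpoint,
#   /<instance>/OAuth2  and  /<instance>/OAuth2/*
# mapped to WORKER. Commented-out lines do not count.
# Prints one line for each missing entry; returns 2 if CONF is unreadable.
check_oauth2_mounts() {
    conf=$1
    instance=$2
    worker=$3
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    missing=0
    for path in "/$instance/OAuth2" "/$instance/OAuth2/*"; do
        # Fields are compared as literal strings, so '*' is not a pattern.
        # Apache directive names are case-insensitive, hence tolower().
        if ! awk -v p="$path" -v w="$worker" '
                tolower($1) == "jkmount" && $2 == p && $3 == w { found = 1 }
                END { exit !found }' "$conf"; then
            echo "missing: JkMount $path $worker"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample configuration: the wildcard mount is commented out,
# so requests below /evj/OAuth2/ would never reach Tomcat.
sample=$(mktemp)
cat > "$sample" <<'EOF'
JkMount /evj/OAuth2 ajp13w
# JkMount /evj/OAuth2/* ajp13w
EOF
check_oauth2_mounts "$sample" evj ajp13w || echo "OAuth2 mount points incomplete"
rm -f "$sample"
```

Run it against the real configuration file with your own instance and Tomcat service names in place of the sample values.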

Familiarity with the Microsoft Azure and Google Email applications is assumed. The following pages document the key steps for both the Microsoft Azure and Google Email configurations. After these comes the instruction page for configuring token access within ExtraView.

This is a summary of the steps:

  • Ensure that there is a working and correctly configured email service outside of ExtraView
  • Within the configuration screen of the remote email service, register ExtraView as an application
  • Within the ExtraView Access Tokens for 3rd Party Email Services screen, find and copy the redirect URI
  • Configure the remote email service with the redirect URI and copy the values of the fields that ExtraView requires:

    • Microsoft Azure – Copy the Tenant ID, the Client ID and the Client Secret
    • Google Email – Copy the Client ID and the Client Secret
  • Configure the ExtraView administration utility with the authentication information from the remote email service
  • If you are using the ExtraView incoming EVMail service, then configure that with the information to connect
  • Configure the ExtraView BatchMail service to connect to the external email service
  • Test incoming emails from EVMail
  • Test outgoing notifications, which use the ExtraView BatchMail service.

To assist when configuring BatchMail and EVMail, there is an appendix to this guide at OAuth2 Email Mailbox Settings.

Hint: You need to interchange information between ExtraView and the Email service you are configuring.  Open two browser windows, one with ExtraView and one with the Email portal so you can easily copy & paste information between them.  This simplifies copying the ExtraView URI address to the email service, and the service information such as the client secret and token ID into ExtraView.

Using Multiple Email Addresses within ExtraView

ExtraView supports the use of multiple email addresses for different purposes.  The key email addresses are each set as behavior settings that may have the same or different values:

  • AD_HOC_EMAIL_FROM_ADDRESS
  • EMAIL_ADMINISTRATOR_USER_ID
  • EMAIL_FROM_USER_ID

In addition, individual users’ email addresses may be used (explicitly or as the * Current User *) as outgoing email addresses. Each of these requires authentication when used with Microsoft Azure or Google Email. Additional configuration of the external email services can be made to support multiple addresses.

For example, within Microsoft Azure you may permit the user configured within BatchMail to be a delegated sender for all the other email addresses that you want to use as email FROM addresses. Alternatively, change the ExtraView configuration to set the REPLY_TO email header to the individual users, rather than the FROM header.