OTOBO POP3 and IMAP OAuth2 Authentication

OTOBO now also supports authentication via OAuth2 / OpenID Connect for POP3 and IMAP, enabling a secure and modern method of authentication. After installing the MailAccount-OAuth2 package, you can use this authentication method, which is particularly recommended when using cloud-based email services like Microsoft Azure.

Azure Configuration Steps

1. Visit the Azure Portal to start your Azure Active Directory configuration.
2. Add a new enterprise application and create your own application.
3. Assign a name to your app and configure it according to your requirements.
4. The mailbox user must be assigned to the application. Note the Application ID for later use in OTOBO.
5. Determine the Tenant ID of your domain, which is also required for the configuration in OTOBO.
6. Create a new app in the App Registration to complete the authentication process.

By integrating modern authentication standards like OAuth2 into OTOBO, you improve the security and flexibility of your email communication. Furthermore, the clear structure of email account management in OTOBO facilitates an efficient and user-friendly configuration of your email settings to optimize your customer support and internal communication.

OAuth2 Authentication for POP3 and IMAP in OTOBO

OTOBO enables highly secure OAuth2 authentication for POP3 and IMAP email accounts through integration with Microsoft Azure, which represents a significant improvement in the security and efficiency of email communication.

Setting up OAuth2 authentication involves several steps in the Azure console and the OTOBO system configuration.

Steps to Set Up Azure for OAuth2 Authentication

1. Redirect URL and Client Secret

   Create a redirect URL of the type Web for your application. The redirect URL should include the address of your OTOBO system, followed by "/otobo/index.pl?Action=AdminMailAccount".

   

   Azure step for creating the redirect URL [1]

   https://<OTOBO-ADDRESS>/otobo/index.pl?Action=AdminMailAccount

   Also, create a client secret and note its value, as it will be needed later in OTOBO.

   

2. API Permissions

   Add the required API permissions for IMAP.AccessAsUser.All and POP.AccessAsUser.All. This grants OTOBO the necessary rights to access your email accounts.

   

OTOBO OAuth2 Configuration

After completing the Azure configuration, it is necessary to apply the settings in OTOBO:

1. Activation of the OAuth2 Profile

   In the OTOBO admin interface, navigate to the System Configuration and activate the OAuth2::MailAccount::Profiles###Custom1 profile.

2. Entering the Application ID and Client Secret

   Enter the previously noted Application/Client ID and the client secret in the corresponding fields.

   

3. Adjusting the OAuth2 Provider

   In the OAuth2::MailAccount::Providers###MicrosoftAzure configuration, replace the common placeholder with your TenantID.

   

   Once these configurations are made, you can select the OAuth2 profile for your email accounts in OTOBO to complete the authentication.

   

In summary, OAuth2 authentication and the use of postmaster filters significantly improve the security and efficiency of email processing in OTOBO. With these features, OTOBO provides a powerful platform for optimizing communication with customers and within the team.