How to Integrate Email Capture Authentication into Your FranConnect Environment

What does Email Capture do?

It lets you configure the email server and email account information. Users need to include this email address in To or Cc when sending emails to leads, franchisees and contacts, so that the system automatically captures emails from this account and displays them in the respective lead's message history section and the franchisee's/contact's contact history section.

To configure Microsoft email accounts, follow the modern authentication process. Other types of accounts can be configured using the plain authentication process.

What is this document for?

This document helps users configure modern authentication for Microsoft email accounts.

Steps to configure modern authentication for email accounts. The steps below are to be performed only when configuring Microsoft accounts.

Step-1: Log in to your Microsoft Azure account.
Step-2: Click Azure Active Directory.
Step-3: Click App registrations in the left panel.
Step-4: Click the New registration icon at the top.
Step-5: Enter a name, select "Accounts in this organizational directory only" under Supported account types, and click Register.
Your application will be created successfully.
Step-6: Now add a secret to the application: click the "Add a certificate or secret" link. A new page will open; click "+ New client secret".
Step-7: Add a description and click Add. A client secret will be added.
Note: Copy and store the client secret value, because it is shown only immediately after creation.
Step-8: Add the POP and IMAP permissions to your AAD application
  • In the Azure portal, choose the API Permissions blade in your Azure AD application's management view.
  • Select Add permission.
  • Select the APIs my organization uses tab and search for "Office 365 Exchange Online".
  • Click Application permissions.
  • For POP access, choose the POP.AccessAsApp permission. For IMAP access, choose the IMAP.AccessAsApp permission.
  • Once you've chosen which type of permission, select Add permissions.

You should now have the POP or IMAP application permissions added to your AAD application's permissions.
The steps below need to be performed only by the admin.
Step-9: Get Tenant Admin Consent
If you registered your application in your own tenant using "Accounts in this organizational directory only", you can simply go forward and use the application configuration page within the Azure AD admin center to grant the admin consent, and don't need to use the authorization request URL approach.
Step-10: Register service principals in Exchange
To use the New-ServicePrincipal cmdlet, install the ExchangeOnlineManagement module and connect to your tenant as shown in the following snippet.
Install-Module -Name ExchangeOnlineManagement -AllowPrerelease
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <tenantId>

Once your Azure AD application is consented to by a tenant admin, the tenant admin must register your AAD application's service principal in Exchange via Exchange Online PowerShell. This is enabled by the New-ServicePrincipal cmdlet.

The following is an example of registering an Azure AD application's service principal in Exchange:

New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]

The tenant admin can find the service principal identifiers referenced above in your AAD application's enterprise application instance on the tenant. You can find the list of the enterprise application instances on the tenant in the Enterprise applications blade in the Azure Active Directory view in Azure Portal.

The OBJECT_ID is the Object ID from the Overview page of the Enterprise Application node (Azure Portal) for the application registration. It is not the Object ID from the Overview of the App Registrations node. Using the incorrect Object ID will cause an authentication failure.

Note: Use the Object ID from the Enterprise application page, not from the app registration overview page.
Step-11: Add mailbox permissions
The tenant admin can now add the specific mailboxes in the tenant that will be allowed to be accessed by your application. This is done with the Add-MailboxPermission cmdlet.

The following is an example of how to give your application's service principal access to one mailbox:

Add-MailboxPermission -Identity john.smith@contoso.com -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
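
The script below is an added example, not part of the original article or FranConnect's own tooling. It runs Step-10 and Step-11 in one admin session and then lists every mailbox the service principal can open, so you can confirm that FullAccess is limited to the capture mailbox. The variable names are assumptions, and the angle-bracket values are the article's placeholders.

```powershell
# Added example. Replace the placeholders with your tenant's values.
$TenantId       = '<tenantId>'
$AppId          = '<APPLICATION_ID>'        # Application (client) ID of the app registration
$ObjectId       = '<OBJECT_ID>'             # Object ID from the Enterprise application Overview page
$CaptureMailbox = 'john.smith@contoso.com'  # sample mailbox used in the article

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization $TenantId

# Step-10: register the service principal only if Exchange does not already have it.
$sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
if (-not $sp) {
    New-ServicePrincipal -AppId $AppId -ServiceId $ObjectId | Out-Null
    $sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
}
if (-not $sp) {
    throw "No Exchange service principal found for AppId $AppId; check the IDs used in Step-10."
}

# Step-11: grant access to the single capture mailbox, not to every mailbox.
Add-MailboxPermission -Identity $CaptureMailbox -User $sp.Identity -AccessRights FullAccess

# Check 1: the grant exists on the capture mailbox.
$grant = Get-MailboxPermission -Identity $CaptureMailbox -User $sp.Identity
if (-not $grant) {
    throw "FullAccess was not applied to $CaptureMailbox."
}

# Check 2: list every mailbox this service principal can open.
# This walks all mailboxes and can take a while in a large tenant.
$allGrants = Get-EXOMailbox -ResultSize Unlimited | ForEach-Object {
    Get-MailboxPermission -Identity $_.UserPrincipalName -User $sp.Identity -ErrorAction SilentlyContinue
}
$allGrants | Format-Table Identity, User, AccessRights -AutoSize

# More than one row means the application can read mailboxes beyond the capture account.
if (@($allGrants).Count -gt 1) {
    Write-Warning "Service principal has access to $(@($allGrants).Count) mailboxes; review the list above."
}

Disconnect-ExchangeOnline -Confirm:$false
```

Rerun the second check whenever the client secret is rotated or the capture mailbox changes, since FullAccess lets the application read everything in each listed mailbox.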