Information on how access token generation works for OAuth 2.0
CA Service Desk Manager 17.3 and 17.4
1. If you login as a normal mailbox user after clicking on Generate Access Token, the Need Admin Approval window is shown (this is to be expected).
This can happen if you customer explicitly type in normal mailbox User details in the window that was opened after clicking the Generate Access Token or the normal Mailbox User was already logged into the browser earlier and cookies exist and so the browser could have logged in automatically.
It is advised to generate an access token on an Incognito browser window, so that there are no cookies available.
1. Via an Incognito web browser window, log into the CA SDM UI
2. Navigate to the Mailbox Page and then to the OAuth details page
3. Click on Generate the Access Token, which opens a Microsoft login popup page.
4. Login as an Azure Administrator to provide Admin Consent. Once consent is provided by Administrator, the page redirects to open up a new Microsoft login page. Now login as a normal Mailbox User and the access token gets generated.
normal mailbox user = User Name provided in Mailbox detail page
There are two scenarios when an access token gets expired and is not auto generated.
1. Access Token expires after 1 hour (short expiry time provided by Microsoft)
2. Access Token expires after 90 days of generation.