Configuring ITPAM Mail Triggers for OAuth authentication

Article ID: 370212


Products

CA Process Automation Base Process Automation Manager

Issue/Introduction

When configuring ITPAM to connect to a remote mailbox, it is best to start by reviewing our provided documentation.

The basic steps are found in the release notes for ITPAM 4.3.05 CP08, and ITPAM 4.4 CP02.  This document adds a little more detail to the instructions already given.

Environment

IT Process Automation 4.3 SP05 CP06 or higher and 4.4 CP02 or higher

Azure Mailbox using OAuth to connect to PAM to handle mail

Resolution

  1. Register the application in Azure: Quickstart: Register an application with the Microsoft identity platform

    On that page, follow the instructions down to but not including "Add a redirect URI"

  2. Add POP and IMAP permissions to the AAD application and register service principals in Microsoft Exchange: Authenticate an IMAP, POP or SMTP connection using OAuth

    On this page, follow the instructions in the following sections:
      Register your application
      Get an access token
      Add the POP, IMAP, or SMTP permissions to your Entra AD application (enables ITPAM to talk to MS Exchange)

    Note: Depending on the environment's requirements, you may need to use IMAP-SSL with mail server port 993.

  3. Apply CP08 for ITPAM 4.3.05 or CP02 for ITPAM 4.4

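  4. Execute these PowerShell commands:
    # Install the Exchange Online and Azure AD modules
    Install-Module -Name ExchangeOnlineManagement
    Import-Module ExchangeOnlineManagement
    Install-Module -Name AzureAD

    # Look up the service principal of the application registered in step 1
    Connect-AzureAD
    $MyApp = Get-AzureADServicePrincipal -SearchString "ITPAM Mail Trigger"

    # The Exchange cmdlets below need an Exchange Online session
    Connect-ExchangeOnline
    # Register the service principal in Exchange, then grant it access to the mailbox ITPAM will read
    New-ServicePrincipal -AppId $MyApp.AppID -ServiceID $MyApp.ObjectId -DisplayName "Service Principal for IMAP APP"
    Add-MailboxPermission -Identity "[email protected]" -User $MyApp.ObjectId -AccessRights FullAccess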
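
To confirm that steps 1 to 4 took effect before pointing ITPAM at the mailbox, the access token obtained in the "Get an access token" step can be inspected offline. The following Python script is an added example, not part of ITPAM or of the original article. It assumes the app-only values from Microsoft's documentation (the https://outlook.office365.com audience and the IMAP.AccessAsApp / POP.AccessAsApp roles); the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time

# Assumptions taken from Microsoft's app-only IMAP/POP OAuth documentation.
EXCHANGE_AUDIENCE = "https://outlook.office365.com"
MAIL_APP_ROLES = {"IMAP.AccessAsApp", "POP.AccessAsApp"}


def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_mail_token(jwt, now=None):
    """Return the reasons Exchange would refuse this token for IMAP/POP."""
    claims = decode_claims(jwt)
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != EXCHANGE_AUDIENCE:
        problems.append(f"unexpected audience: {claims.get('aud')!r}")
    if not MAIL_APP_ROLES & set(claims.get("roles", [])):
        problems.append("no IMAP/POP application role (permission or admin consent missing)")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def xoauth2_string(mailbox, jwt):
    """SASL XOAUTH2 initial response sent on the IMAP-SSL (993) connection."""
    return f"user={mailbox}\x01auth=Bearer {jwt}\x01\x01".encode()


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    good = make_sample_token({"aud": EXCHANGE_AUDIENCE, "roles": ["IMAP.AccessAsApp"], "exp": 2_000_000_000})
    bad = make_sample_token({"aud": "https://graph.microsoft.com", "roles": [], "exp": 2_000_000_000})
    print(check_mail_token(good, now=1_700_000_000))
    print(check_mail_token(bad, now=1_700_000_000))
```

A token that passes these checks but is still rejected at IMAP login usually points at step 4: the service principal is not registered in Exchange or has no permission on that mailbox. Since FullAccess is granted in step 4, grant it only on the mailbox the trigger actually reads.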

Additional Information

Please note that as of 8/4/2025, the ITPAM OAuth mail trigger supports Microsoft Outlook only. For example, if you try to configure it with Gmail, you will see an error message in c2o.log like:

"error_uri":"https://login.microsoftonline."[truncated 23 bytes]; line: 1, column: 308] (through reference chain: java.util.LinkedHashMap["error_codes"]

oAuth support for Mail module along with mail trigger when using IMAP protocol