Clarity Mail service IMAP Integration with MS Azure using OAuth:  IMAP.AccessAsApp a Prerequisite
search cancel

Clarity Mail service IMAP Integration with MS Azure using OAuth:  IMAP.AccessAsApp a Prerequisite

book

Article ID: 406974

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

We are working on the OOTB Mail service integration with Clarity. While following the below document under the section, Setting Up Microsoft Azure OAuth for Classic PPM Mail Service, there is a step which says select IMAP.AccessAsApp.

This permission provides access to all the mailboxes and unfortunately our security does not allow us to proceed with this. Is there any alternative approach we can take to proceed further with the implementation? On a side note: Is Graph protocol supported for Mail Service integration?

 

Configure General System Settings

 

Resolution

For Clarity's IMAP integration to function in a non-interactive mode with Microsoft Azure OAuth, a specific API permission is a critical prerequisite.

Required API Permission:

  • IMAP.AccessAsApp

This permission allows the Clarity application to access mailboxes without requiring individual user interaction or consent for each mailbox. Without IMAP.AccessAsApp, the OAuth token flow will not successfully complete for non-interactive scenarios, preventing the integration from working as intended (e.g., automated processing without a user logging in for each mailbox).

While some applications may offer a flow where individual users sign in and grant consent per mailbox, Clarity's design for this specific non-interactive IMAP integration relies on the IMAP.AccessAsApp permission.

Important Considerations and Limitations:

  • Basic Authentication Deprecation: Please note that Microsoft has deprecated Basic Authentication for IMAP in Exchange Online. Therefore, OAuth is the required authentication method for new and existing integrations.
  • Security Implications: Granting IMAP.AccessAsApp is a powerful permission. Ensure it is granted with careful consideration of your organization's security policies and only to the necessary application registrations.

If the IMAP.AccessAsApp permission cannot be granted or is not configured correctly, the non-interactive IMAP integration within Clarity will not function as expected.

Currently, for the Clarity mail service configuration there is no known direct workaround within Clarity that allows for non-interactive IMAP integration via Microsoft Azure OAuth without the IMAP.AccessAsApp permission. We have not tested GRAPH API as an alternative for programatic access to MS 365 Mailboxes. 

Further Assistance:

Should your organization's security policies prevent the granting of IMAP.AccessAsApp, and this poses a significant blocker for your integration requirements, consider submitting an enhancement idea through the standard Clarity product enhancement process to discuss potential alternative approaches or future capabilities.

Enhancement Requests for Clarity

Powered by Wolken Software