The following is a step-by-step guide to configuring a Gmail or Office 365 account for use by SDM Maileater with OAuth 2.0 based authentication.
It is assumed that a Gmail or Office 365 login has been established for use with Maileater.
CA Service Desk Manager 17.3 RU4 and higher
Log in to the Google Developer Console using the given Gmail credentials.
URL is: https://console.developers.google.com/
For "Edit app registration", fill in the following:
App Name: Arbitrary name you can use to identify this as the SDM Maileater app. We will use "SDM 17.3 Oauth IMAP Maileater"
User support email: We will use the same Gmail login that is associated with the given user.
App Logo: Optional entry
App Domain fields: The following fields can be left blank: Application home page, Application Privacy Policy link, Application terms of service link
Authorized domains: Add the domain name of your SDM Server's FQDN.
Developer contact information: Enter an email address of your choosing; the contact info requires one.
Once the above entries are entered, choose "Save and Continue".
Edit App Registration then shows the "Scopes" page. You can leave this entire page as is and click "Save and Continue".
The next screen will be for "Test Users". Click "Add Users" and enter the Gmail address of the login ID that is associated with the given mailbox.
Once the given user is entered as a Test User, click "Save and Continue".
Fill in the given fields as follows:
Application Type: should be "Web Application".
Name: This field is arbitrary (we will use "SDM 17.3 Maileater")
Authorized JavaScript origins: This field can be skipped
Authorized redirect URI: This should be https://<SDM_HOSTNAME_with_FQDN:SDM_PORT_NUMBER>/CAisd/OAuthProcessor
Important: Please keep this URI handy for a later task. The redirect URI can be http based instead of https if you are only testing and have not implemented SSL.
Once all fields are entered, click "Create".
For the form "Register an Application"
Name: Enter an arbitrary Application Name of your choosing. In this case, we will use "SDM 17.3 Oauth IMAP Maileater".
Supported account types: Choose "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts".
Click "Register" when done.
Under "Redirect URIs", enter the URI as follows:
https://<SDM_HOSTNAME_with_FQDN:SDM_PORT_NUMBER>/CAisd/OAuthProcessor
Other fields can be left alone.
Note: For Office 365, only https or http://localhost based URLs are supported.
Click "Configure" to add the above URI.
In Service Desk, set up a mailbox and at least one mailbox rule for testing.
Note: Please use OpenSSL to obtain the Root CA certificate from Gmail or Outlook/Office 365. Alternatively, if you already have a working Gmail or Outlook/Office 365 based mailbox using a non-OAuth 2.0 connection approach, you can re-use the same Root CA. For details, please see the following KB Article:
https://knowledge.broadcom.com/external/article/198751/maileater-certificate-errors-with-office.html
This screencap depicts the standard setup for Gmail with the authentication option Security Level set to use OAuth 2.0.
Click on the OAuth 2.0 tab, then choose "Create New".
Enter the following for the OAuth settings:
Provider: Select "Google Mail" or "Microsoft Exchange" depending on which is being used.
Client ID: Enter the Client ID that was copied from an earlier step. For Outlook/Office 365, this is the "Application (client) ID".
Client Secret: Enter the Client Secret that was copied from an earlier step.
Note: For Office 365, a common mistake here is to enter the "Secret ID" field that appears during the step when creating a secret, rather than the Client Secret itself.
Redirect URI: Enter the EXACT URI from the earlier step that was used in the creation of the OAuth Client ID. The URI should be of the form https://<SDM_HOSTNAME_with_FQDN:SDM_PORT_NUMBER>/CAisd/OAuthProcessor
Scope: Enter "https://mail.google.com" OR "offline_access https://outlook.office.com/IMAP.AccessAsUser.All" for Google or Office 365 respectively.
Once the fields are entered, click Save.
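The values above can be checked before they are typed into the OAuth 2.0 tab. The following is an added example, not code from the product or from Broadcom; the function name, the sample host sdm.example.com:8080 and the assumption that an Azure "Secret ID" is a GUID are illustrative.

```python
import re
from urllib.parse import urlsplit

# Scope strings as given in the steps above, keyed by the Provider value.
SCOPES = {
    "Google Mail": "https://mail.google.com",
    "Microsoft Exchange": "offline_access https://outlook.office.com/IMAP.AccessAsUser.All",
}
# Assumption: the Azure "Secret ID" is a GUID, which makes the mix-up detectable.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def _tokens(scope):
    # Compare scopes token by token, ignoring a trailing slash.
    return [s.rstrip("/") for s in scope.split()]


def check_oauth_settings(provider, client_secret, redirect_uri, scope, registered_uri):
    """Return a list of problems in the values destined for the OAuth 2.0 tab."""
    if provider not in SCOPES:
        return [f"unknown provider {provider!r}"]
    problems = []
    if redirect_uri != registered_uri:
        problems.append("redirect URI differs from the one registered with the provider")
    url = urlsplit(redirect_uri)
    if url.path != "/CAisd/OAuthProcessor":
        problems.append("redirect URI path is not /CAisd/OAuthProcessor")
    if url.scheme == "http":
        if provider == "Microsoft Exchange" and url.hostname != "localhost":
            problems.append("Office 365 supports only https or http://localhost redirect URIs")
        else:
            problems.append("http redirect URI: use only for testing without SSL")
    elif url.scheme != "https":
        problems.append(f"unsupported redirect URI scheme {url.scheme!r}")
    if _tokens(scope) != _tokens(SCOPES[provider]):
        problems.append(f"scope should be {SCOPES[provider]!r}")
    if provider == "Microsoft Exchange" and GUID.match(client_secret.strip()):
        problems.append("client secret looks like a GUID; the Secret ID may have been entered")
    return problems


if __name__ == "__main__":
    # Constructed sample values; sdm.example.com:8080 is a placeholder host.
    registered = "https://sdm.example.com:8080/CAisd/OAuthProcessor"
    entered = "http://sdm.example.com:8080/CAisd/OAuthProcessor"
    secret = "3f2b8c1e-1111-2222-3333-444455556666"
    for problem in check_oauth_settings("Microsoft Exchange", secret, entered,
                                        SCOPES["Google Mail"], registered):
        print("-", problem)
```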
Note 1: While configuring the mailbox, please include 2 certificates:
Microsoft Exchange OAuth 2.0 requires 2 certificates. Provide them as a space-separated value (for example: outlook.cer login_microsoft.cer).
Refer to the following link for SMTP and IMAP OAuth configuration:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-ca-service-desk-manager/how-to-configure-the-mailbox-to-handle-inbound-emails/define-a-mailbox.html