Hi @cory ,
Our team is currently investigating the impact of the deprecation for basic authentication in both IMAP and SMTP protocols. Unfortunately, at this time we do not support the alternative authentication method. I will update this post once we have more information to share.
Thanks,
Kezia
Hi @keziaatsafe ,
Is there any update on the alternative authentication method and support being included in an FME Server release?
In most cases, I can make workarounds to avoid the issue, but the one I'm stuck with is any IMAP Triggers within FME Server Automations, and the Email (IMAP) Publication. If you have any suggested workarounds, that would be great.
Cheers,
Kieran
Hi @keziaatsafe ,
Is there any update on the alternative authentication method and support being included in an FME Server release?
In most cases, I can make workarounds to avoid the issue, but the one I'm stuck with is any IMAP Triggers within FME Server Automations, and the Email (IMAP) Publication. If you have any suggested workarounds, that would be great.
Cheers,
Kieran
Hi @kieran.odonnell ,
Unfortunately I do not have any suggested workarounds at this time. However, Microsoft did announce on September 1, 2022 that they are offering a one-time postponement of these security changes, until the end of December 2022. Our team is working on support for alternate authentication method in these protocols and we will continue to update this post as more information comes. See below for more information on the Microsoft One-Time Re-Enablement update.
"...there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be turned off bpermanently] in early January 2023, with no possibility of further use. See the full announcement at Basic Authentication Deprecation in Exchange Online – September 2022 Update".
Hope this helps!
-Kezia
What is the problem with generating an app-password under the account, and use that? Or am I missing something??? I thought these app-passwords were explicitly introduced by the Microsofts and the Googles, to facilitate things like these???
I've been using an app-password for our fme-server-exchange-account-triggers-and-actions for over a year now. Hope that won't be depreciated..
Hello FME Community,
We truly appreciate your patience with us on this issue. Our support for the alternative ‘modern’ authentication method will be implemented in FME Server 2022.2 for both the IMAP trigger and SMTP action in Automations (and Notifications). Please see this article for more detail and information on next steps: Invalid Credentials: Unable to receive or send email with basic authentication in FME.
Thank you.
Hello FME Community,
We truly appreciate your patience with us on this issue. Our support for the alternative ‘modern’ authentication method will be implemented in FME Server 2022.2 for both the IMAP trigger and SMTP action in Automations (and Notifications). Please see this article for more detail and information on next steps: Invalid Credentials: Unable to receive or send email with basic authentication in FME.
Thank you.
🙏
Hello FME Community,
We truly appreciate your patience with us on this issue. Our support for the alternative ‘modern’ authentication method will be implemented in FME Server 2022.2 for both the IMAP trigger and SMTP action in Automations (and Notifications). Please see this article for more detail and information on next steps: Invalid Credentials: Unable to receive or send email with basic authentication in FME.
Thank you.
Hi @keziaatsafe,
Thank you to the team for prioritising this!
Is there an estimated release date for this at all?
Hi @keziaatsafe,
Thank you to the team for prioritising this!
Is there an estimated release date for this at all?
Hi @cory,
We understand this is very important to many workflows! All major releases are scheduled, with typically 3 a year - one every four months - we target our major releases around the months of March (x.0), July (x.1) and November (x.2). You can anticipate for the release of FME 2022.2 sometime in November.
Hello FME Community,
We truly appreciate your patience with us on this issue. Our support for the alternative ‘modern’ authentication method will be implemented in FME Server 2022.2 for both the IMAP trigger and SMTP action in Automations (and Notifications). Please see this article for more detail and information on next steps: Invalid Credentials: Unable to receive or send email with basic authentication in FME.
Thank you.
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
Hi @kieran.odonnell ,
We have instructions from the Development Team regarding disabling Basic Auth, configurations for Azure AD Tenant and configurations for SMTP external actions. We are currently working on publishing a related article as well.
Disable Basic auth-
- On the Azure AD homepage, go to “Properties” on the left navigation bar.
- Click on “Manage security defaults”.
- Toggle Enable security defaults to Yes and then save.
Azure AD Tenant Configuration-
- You might have already registered your application with Azure AD
- Note the client ID and secret for later steps.
- On your registered application page on Azure AD, click on “API permissions” on the left navigation bar.
- Click “Add a permission” and then “Microsoft Graph” in right hand under Microsoft APIs
- Click on “Delegated permissions”.
- Find “IMAP.AccessAsUser.All” and “SMTP.Send” permission. Add both permissions
- Click “Grant admin consent for <tenant name>“
- Lastly, we must allow the Azure AD tenant application to function as a public client.
- Under the Authentication tab, toggle “Allow public client flows” and set the Enable the following mobile and desktop flows option to Yes.
SMTP External Action Configuration-
We must enable SMTP AUTH for the Azure AD tenant
- Enable SMTP Auth for the organization (in Azure AD tenant). Follow the instructions here.
- Enable SMTP Auth for the specific mailboxes via the Microsoft 365 Admin Center. Follow the instructions here.
Hope this helps!
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
@keziaatsafe we are stuck on this as well, if you can pass on the related article once it is published that would be great, thank you
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
Thanks @oliver.morris . I 'm still awaiting the final results of our 'head of Azure' (you know who) going through above listed steps in detail.
Can report, using a ClientID for the System e-mail for SMTP works, but using it in Automation triggers (imap) or emailers (smtp) or their Publisher / Subscriber equivalents does not (yet).
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
Hi @oliver.morris and @martinkoch ,
Here is a recently published article on on how to use Microsoft Modern Authentication with FME. https://community.safe.com/s/article/How-to-use-Microsoft-Modern-Authentication-with-FME
Hope this helps!
Kezia
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
thanks @keziaatsafe
Hi @keziaatsafe ,
Big thanks to the team for prioritising this work! The experience is great, and simple to accomodate the new authentication within existing Automations.
A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?
I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.
Is the trigger making a connection to a Microsoft Graph endpoint (or something similiar) for the authentication, that users may need to have whitelisted?
Or is it solely making a connection to the host we enter in the IMAP Server Host box?
Thanks!
🙏