Solved

How do I configure OAUTH for Exchange Online?


Badge +1

Hi team,

With the deprecation of Basic Authentication coming up in October later this year (Deprecation of Basic authentication in Exchange Online | Microsoft Docs), it's been suggested we move across to OAUTH for accessing emails via FME Server Automations.

I'm a little stuck on how we can do this? There doesn't seem to be any OAUTH capability within the templates?

 

Any suggestions on how we can achieve this?

Best answer by keziaatsafe 19 December 2022, 15:22

15 replies

Userlevel 1
Badge +6

Hi @cory​ ,

 

Our team is currently investigating the impact of the deprecation for basic authentication in both IMAP and SMTP protocols. Unfortunately, at this time we do not support the alternative authentication method. I will update this post once we have more information to share.

 

Thanks,

Kezia

Badge

Hi @keziaatsafe​ ,

 

Is there any update on the alternative authentication method and support being included in an FME Server release?

 

In most cases, I can make workarounds to avoid the issue, but the one I'm stuck with is any IMAP Triggers within FME Server Automations, and the Email (IMAP) Publication. If you have any suggested workarounds, that would be great.

 

 

Cheers,

Kieran

Userlevel 1
Badge +6

Hi @kieran.odonnell​ ,

 

Unfortunately I do not have any suggested workarounds at this time. However, Microsoft did announce on September 1, 2022 that they are offering a one-time postponement of these security changes, until the end of December 2022. Our team is working on support for alternate authentication method in these protocols and we will continue to update this post as more information comes. See below for more information on the Microsoft One-Time Re-Enablement update.

 

"...there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be turned off [permanently] in early January 2023, with no possibility of further use. See the full announcement at Basic Authentication Deprecation in Exchange Online – September 2022 Update".

 

Hope this helps!

-Kezia

Badge +13

What is the problem with generating an app-password under the account, and use that? Or am I missing something??? I thought these app-passwords were explicitly introduced by the Microsofts and the Googles, to facilitate things like these???

 

I've been using an app-password for our fme-server-exchange-account-triggers-and-actions for over a year now. Hope that won't be depreciated..

 

Userlevel 1
Badge +6

Hello FME Community,

 

We truly appreciate your patience with us on this issue. Our support for the alternative ‘modern’ authentication method will be implemented in FME Server 2022.2 for both the IMAP trigger and SMTP action in Automations (and Notifications). Please see this article for more detail and information on next steps: Invalid Credentials: Unable to receive or send email with basic authentication in FME.

 

Thank you.

 

Badge +13

🙏

Badge +1

Hi @keziaatsafe​,

Thank you to the team for prioritising this!

Is there an estimated release date for this at all?

Userlevel 1
Badge +6

Hi @cory​,

 

We understand this is very important to many workflows! All major releases are scheduled, with typically 3 a year - one every four months - we target our major releases around the months of March (x.0), July (x.1) and November (x.2). You can anticipate the release of FME 2022.2 sometime in November.

 

Badge

Hi @keziaatsafe​ ,

 

Big thanks to the team for prioritising this work! The experience is great, and simple to accommodate the new authentication within existing Automations.

 

A question on the Authentication - is this all handled directly through the exchange endpoint as with the IMAP trigger before, or is there another URL that will need to be unblocked on some firewalls?

 

I have tested with an FME Server which is very open and been able to configure the authentication without any issues. But in a more restrictive environment, the IMAP object now experiences a timeout, as soon as I enter the clientid value.

 

Is the trigger making a connection to a Microsoft Graph endpoint (or something similar) for the authentication, that users may need to have whitelisted?

Or is it solely making a connection to the host we enter in the IMAP Server Host box?

 

 

 

Thanks!

Userlevel 1
Badge +6

Hi @kieran.odonnell​ ,

 

We have instructions from the Development Team regarding disabling Basic Auth, configurations for Azure AD Tenant and configurations for SMTP external actions. We are currently working on publishing a related article as well.  

 

Disable Basic auth

  1. On the Azure AD homepage, go to “Properties” on the left navigation bar.
  2. Click on “Manage security defaults”.
  3. Toggle Enable security defaults to Yes and then save.

Azure AD Tenant Configuration

  1. You might have already registered your application with Azure AD.
  2. Note the client ID and secret for later steps.
  3. On your registered application page on Azure AD, click on “API permissions” on the left navigation bar.
  4. Click “Add a permission” and then “Microsoft Graph” on the right-hand side under Microsoft APIs.
  5. Click on “Delegated permissions”.
  6. Find the “IMAP.AccessAsUser.All” and “SMTP.Send” permissions. Add both permissions.
  7. Click “Grant admin consent for <tenant name>”.
  8. Lastly, we must allow the Azure AD tenant application to function as a public client.
  9. Under the Authentication tab, toggle “Allow public client flows” and set the Enable the following mobile and desktop flows option to Yes.

SMTP External Action Configuration

We must enable SMTP AUTH for the Azure AD tenant.

  1. Enable SMTP Auth for the organization (in Azure AD tenant). Follow the instructions here.
  2. Enable SMTP Auth for the specific mailboxes via the Microsoft 365 Admin Center. Follow the instructions here.

 

Hope this helps!
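
Added example, not part of any post in this thread and not FME's code: for a generic mail client following Microsoft's documented OAuth flow for IMAP/SMTP, the token is issued by login.microsoftonline.com and then presented to the mail host as a SASL XOAUTH2 string, so a restricted host needs both outbound paths. Whether FME Server uses exactly these endpoints is an assumption; the function names and sample values are illustrative.

```python
# Added example (assumption: generic client, not FME's implementation).
import base64
import socket

# Scopes matching the delegated permissions added in the tenant steps above.
SCOPES = ["https://outlook.office.com/IMAP.AccessAsUser.All",
          "https://outlook.office.com/SMTP.Send"]


def token_endpoint(tenant: str) -> str:
    """Microsoft identity platform v2.0 token URL for one tenant."""
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def required_egress(imap_host="outlook.office365.com",
                    smtp_host="smtp.office365.com"):
    """Outbound (host, port) pairs a generic OAuth mail client needs."""
    return [("login.microsoftonline.com", 443),  # token issuance and refresh
            (imap_host, 993),                    # IMAP over TLS
            (smtp_host, 587)]                    # SMTP submission (STARTTLS)


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Base64 SASL XOAUTH2 string sent with 'AUTHENTICATE XOAUTH2'."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def check_egress(targets, timeout=5.0):
    """TCP-connect to each target; return {(host, port): error text or None}."""
    results = {}
    for host, port in targets:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[(host, port)] = None
        except OSError as exc:  # covers timeouts, refusals and DNS failures
            results[(host, port)] = str(exc)
    return results


if __name__ == "__main__":
    # Run on the restricted host to see which outbound path is blocked.
    for target, err in check_egress(required_egress()).items():
        print(target, "reachable" if err is None else f"BLOCKED: {err}")
```

A timeout against port 443 of the token host while the IMAP host connects would point at the egress allowlist rather than the tenant configuration.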

 

Badge +10

@keziaatsafe​ we are stuck on this as well, if you can pass on the related article once it is published that would be great, thank you

 

Badge +13

Thanks @oliver.morris​ . I'm still awaiting the final results of our 'head of Azure' (you know who) going through above listed steps in detail.

 

Can report, using a ClientID for the System e-mail for SMTP works, but using it in Automation triggers (imap) or emailers (smtp) or their Publisher / Subscriber equivalents does not (yet).

Userlevel 1
Badge +6

Hi @oliver.morris​ and @martinkoch​ ,

 

Here is a recently published article on how to use Microsoft Modern Authentication with FME. https://community.safe.com/s/article/How-to-use-Microsoft-Modern-Authentication-with-FME

 

Hope this helps!

Kezia

Badge +10

thanks @keziaatsafe​ 

Badge +13

🙏​
