Automation V3: OAuth 2.0 MS Graph Email Connection
Automation has been using basic authentication for Microsoft Exchange Web Service (EWS) until now. Automation users can now access Microsoft Emails using OAuth 2.0 using Microsoft Graph API by creating a new connection or updating an existing connection. And they can use Send and Subscribe Test APIs with Microsoft Graph for testing email flows.
Prerequisite
A prerequisite to authenticating a user using Microsoft Graph API is registering an App for Provar Automation on the ActiveDirectory App Registration to generate the connection properties and grant the necessary access to retrieve the requisite data.
A: Create an OAuth 2.0 MS Graph Connection in Automation
A connection must be created to authenticate the user to integrate with Microsoft Graph.
In the Settings, click the plus + icon, and choose Microsoft Graph Connection from the Add a Microsoft connection option.
The Add New Connection screen is displayed. Give a Connection Name.
In this example, we have given the Connection Name as MS_Graph. And the Connection Type as Microsoft and Microsoft Graph.
The Type field is an authorization assertion type, and it displays two options in the drop-down:
- OAuth 2.0
- Email-As via Client Credentials
Select the OAuth 2.0 option.
The following fields will be pre-populated: OAuth Grant Flow, Authority, Client Assertion Type.
Note: Please refer to your App Configuration on the Microsoft ActiveDirectory App Registry for the correct information.
Enter the values for the required fields; the Tenant ID, Client ID, and Client Secret information will be available for the Provar App configured on the Microsoft ActiveDirectory App Registry as part of the prerequisite.
Note: The Authorise button is enabled only after you have filled these mandatory fields.
We have created a connection, filled in all the mandatory fields, and clicked Authorise.
The MS Graph Authorisation flow will be performed and it will fetch the Access Token from Microsoft.Click the Test Connection button to validate the connection.
There is some validity for these tokens in the Microsoft account. If the Access Token is invalidated, validity has been breached, or the Access Token has expired. The Access Token will stop working, and an error will be displayed to the user.
Note: Since we had Revoked this token, for example, the error message is Revoked; if it would have expired, then the error message would have displayed for Expired.
If some fields are filled incorrectly or if some fields are invalidated, then the corresponding error messages will be displayed. For example, let’s say there is some change in the Client ID field; then the Access Token is invalidated. And you will have to authorize the connection again.
B: Create an Email-As via Client Credentials MS Graph Connection in Automation
An Email-As via Client Credentials connection must be created to perform email testing using the OAuth 2.0 Microsoft Email type.
In the Test Settings, navigate to the Connections tab and click the plus (+) sign icon. The Add New Connection screen is displayed. Give a Connection Name.
In this example, we have given the Connection Name as MS_Graph_Email and the Connection Type as Microsoft and Microsoft Graph.
The Type field is an authorization assertion type, and it displays two options in the drop-down:
- OAuth 2.0
- Email-As via Client Credentials
Select the Email-As via Client Credentials option.
Enter the values for the required fields: Client Credentials Connection and Email.
For the Client Credentials Connection, select the connection created above. Email should be the actual email of the user under test.
After filling out the required fields, make sure to click Test Connection to ensure that valid information has entered.
After testing the Connection, save the Connection and it will appear in the Microsoft connections section of Settings.
If you would like to use this connection to send the ANT Execution Reports over email, please refer to Support for Existing MS OAuth Email Connection.