Alarm redirection to email is a very commonly used Geo SCADA Expert (GSE) feature. Modern email servers may use OAuth 2.0 authorization, which requires some configuration not only on the GSE side, but also on the email server as well. This article will discuss a possible issue a customer may face while using OAuth 2.0 with GSE and how to fix it. This article by no means covers all the possible configuration issues someone may find while trying to connect to an email server, just a common one.
In this case, after setting all the SMTP properties at Server Configuration > System Configuration > E-Mail and clicking on the “Verify Connection” button, the user sees an error: “Unable to check mail using Graph.API. Error message: Access is denied. Check credentials and try again”:
That error occurs when the Graph API throws an exception while trying to access the user’s mailbox. It has already successfully retrieved the authentication token by that point, so it is unlikely to be an issue with the username or secret. The customer, in this case, can check what API permissions have been granted to the OAuth provider.
To send email using OAuth it should have the following 'application' level permissions:
Microsoft Graph: Mail.ReadWrite and Mail.Send
Office 365 Exchange Online: SMTP.SendAsApp
To receive emails using OAuth it should also have the following 'application' level permissions:
Office 365 Exchange Online: POP.AccessAsApp and/or IMAP,AccessAsApp
Released for: Schneider Electric Hong Kong
Alarm redirection to email is a very commonly used Geo SCADA Expert (GSE) feature. Modern email servers may use OAuth 2.0 authorization, which requires some configuration not only on the GSE side, but also on the email server as well. This article will discuss a possible issue a customer may face while using OAuth 2.0 with GSE and how to fix it. This article by no means covers all the possible configuration issues someone may find while trying to connect to an email server, just a common one.
In this case, after setting all the SMTP properties at Server Configuration > System Configuration > E-Mail and clicking on the “Verify Connection” button, the user sees an error: “Unable to check mail using Graph.API. Error message: Access is denied. Check credentials and try again”:
That error occurs when the Graph API throws an exception while trying to access the user’s mailbox. It has already successfully retrieved the authentication token by that point, so it is unlikely to be an issue with the username or secret. The customer, in this case, can check what API permissions have been granted to the OAuth provider.
To send email using OAuth it should have the following 'application' level permissions:
Microsoft Graph: Mail.ReadWrite and Mail.Send
Office 365 Exchange Online: SMTP.SendAsApp
To receive emails using OAuth it should also have the following 'application' level permissions:
Office 365 Exchange Online: POP.AccessAsApp and/or IMAP,AccessAsApp
Released for: Schneider Electric Hong Kong
Need help?
Product Selector
Quickly and easily find the right products and accessories for your applications.
Get a Quote
Start your sales enquiry online and an expert will connect with you.
Where to buy?
Easily find the nearest Schneider Electric distributor in your location.
Help Centre
Find support resources for all your needs, in one place.
