Email Configuration

This tab lets you set email configurations. Before configuring, ensure that an SMTP Server has been set up on
the network.

To view the Email Configuration page, go to Admin module > System Configuration > Email Configuration. The
following screen appears.

Enter the following parameters:

• SMTP Server: Specify the IP Address or name of the configured SMTP server. Check the server
availability with your network administrator.

You can use the Gmail SMTP Server if an Internet connection is available.

• SMTP server : smtp.gmail.com


• SMTP Port: 587 (POP3)/993 (for IMAP)
• Email ID: gmail id of the user

• SMTP Port Number: Specify the TCP port for the SMTP service as set on the SMTP server.

• Incoming Mail Protocol: If the approve/reject links in the leave application alerts are activated, the
user needs to specify the mail protocol for the incoming mails.

• POP3/IMAP Server: Specify the IP Address or name of the configured POP3 or IMAP server.

• POP3/IMAP Port Number: Specify the appropriate incoming port for the SMTP service as set on the
SMTP server.

212 Matrix COSEC System Manual


• Sender E-mail ID: Mention the Email ID of the sender.

• Sender Display Name: Specify the user name to be displayed in the emails.

• Authentication: Select the desired method of authentication from the drop-down list: Basic Authentication
or Modern Authentication.

• Basic Authentication: It provides a simple mechanism to perform authentication.

Basic Authentication works by prompting a web server user for a username and password.

The username and password are sent again on each request; they are stored in the server so that the user is
not constantly prompted for their credentials.

Also, all the information is sent over the network in an unencrypted format.

Any password sent using Basic Authentication can easily be decoded, which makes it vulnerable to replay
attacks. It is therefore not a secure method of authentication.

If you select Basic Authentication, configure the following:

• User Name: Specify the user name as set in the Outlook account.

• Password: Specify the password as set in the Outlook account.
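
An added example, not from the COSEC manual or product: a check over a client-side SMTP session log that flags password authentication sent before TLS was negotiated, which is the exposure described above for Basic Authentication. It assumes the Basic Authentication option results in SMTP AUTH PLAIN on a connection that starts in cleartext (the manual does not say which mechanism COSEC uses); the transcripts, host names and credentials are constructed.

```python
import base64

# Constructed client-side SMTP debug transcripts (C: client, S: server); not real traffic.
SESSION_PLAINTEXT = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO cosec.example.test",
    "S: 250-STARTTLS",
    "S: 250 AUTH PLAIN LOGIN",
    "C: AUTH PLAIN " + base64.b64encode(b"\0alerts@example.test\0constructed-password").decode(),
    "S: 235 2.7.0 Authentication successful",
]
# Same login, but the client upgrades the connection with STARTTLS first.
SESSION_STARTTLS = (SESSION_PLAINTEXT[:4]
                    + ["C: STARTTLS", "S: 220 2.0.0 Ready to start TLS"]
                    + SESSION_PLAINTEXT[1:])


def audit_smtp_session(lines):
    """Return one finding per AUTH PLAIN command issued before TLS was negotiated."""
    findings, tls, want_starttls_reply = [], False, False
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C" and text.upper() == "STARTTLS":
            want_starttls_reply = True
        elif side == "S" and want_starttls_reply:
            # Only a 220 reply means the upgrade happened; a refusal leaves the link cleartext.
            tls, want_starttls_reply = text.startswith("220"), False
        elif side == "C" and text.upper().startswith("AUTH PLAIN ") and not tls:
            # AUTH PLAIN carries base64("authzid\0user\0password"): encoding, not encryption.
            _, user, password = base64.b64decode(text.split()[2]).split(b"\0")
            findings.append({"user": user.decode(), "password_recoverable": bool(password)})
    return findings
```

A finding means the account password crossed the network in recoverable form and should be rotated; selecting Enable SSL or Modern Authentication removes the condition.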

• Modern Authentication: It is a combination of authentication and authorization between client and
server.

Pre-requisites for Modern Authentication

Microsoft 365 Configuration

Make sure you have Internet connectivity on your PC.

• Enter portal.azure.com in your web browser.

• Create a Microsoft Azure Account.

Make sure the Sender Email ID in COSEC Server and the Microsoft Account Email ID are the same.

• Log in to the Microsoft Azure Account.

• Click Azure Active Directory.

• Click App Registration on the left pane.

• Click New Registration.

Configure the parameters as mentioned below:

• In Name, enter the name you wish to assign.

• Under Supported Account Types, select the option Accounts in any organizational directory
(any Azure AD Directory + Multitenant) and personal Microsoft Account (e.g. Skype, Xbox).

• Under Redirect URI (Optional), select the option Public client/native (mobile & desktop) and enter the IP
Address/Domain Name of the Cosec Server in the format
https://172.16.2.175/cosec/login/ReceiveAuthorizationToken.

• Click Overview in the left pane; the Client ID and Tenant ID are visible.

• Click Endpoints.

• You can view the Access Token URL and Authorization URL.

Authorization URL

Access Token URL

If a user has multiple tenants, replace the word common with the tenant ID in the Authorization
URL and the Access Token URL.

• Click API Permissions in the left pane and then click Add Permission.

• In Request API permissions window, click Microsoft Graph, then click Delegated Permissions.

• Select the check boxes of the list of permissions displayed in the below screen.

Once the permissions are added, click Grant admin consent for matrix.

• Click Certificates and secret on the left pane. Then click New Client secret.

• Enter the Client Secret description and Expires. Then click Add.

• The secret will be visible for only a short time, so make sure you copy it.

• Now, in the Cosec Server, click Admin module > System Configuration > Email Configuration (refer to
“Modern Authentication - Microsoft 365 Configuration”) and enter the following details as displayed in the
screen below:
• Authorization URL
• Access Token URL
• Client ID
• Client Secret
• Redirect URL
• Scope

• Click Get Token.

• The Microsoft Sign in pop-up appears. Enter the Microsoft Email ID and then enter the Password.

• Click Allow (this is to grant the Read/Write Permission). Then the Access Token Retrieved Successfully
pop up appears.

• Click OK.

The Access Token and Refresh Token will be updated automatically in the Email Configuration page in the
Cosec Server.

Modern Authentication - Microsoft 365 Configuration


Modern Authentication does not allow servers to save Microsoft 365 account details.

To authenticate, a user needs to log in to their account using standard Microsoft 365 login and accept the
application’s request to access the account.

Access is granted on the basis of tokens, which give a strictly defined permission scope that is accepted by
the user.

The user receives two tokens: Access Token and Refresh Token.

• Access Token: This is the most important token, because on the basis of it the third party application is
allowed access to user data as well as to O365 services.

This token needs to be sent by the client as a parameter or as a header in the request to the third party
resource server.

It has a limited lifetime, which is defined by the authorization server.

It must be kept confidential to prevent its misuse by an unauthorized entity.

• Refresh Token: This token is issued along with the Access Token but unlike the latter, it is not to be sent in
each request from the client to the third party resource server.

When an Access Token expires, the Office client will present the Refresh Token to Azure Active Directory
(Azure AD) and request a new Access Token.

Matrix COSEC System Manual 223


We recommend that you use Modern Authentication to avoid any security breach.

Configure the following parameters for Modern Authentication:

• Provider: It displays the name of the provider which is Microsoft Office 365.

• Grant Type: It refers to the way an application gets an Access Token.

This field is non-configurable and displays Authorization Code as the Grant Type.

The Authorization Code is returned only so that it can be exchanged for an Access Token. This keeps the
token hidden from the user client, where it could be exposed to malicious agents trying to steal the
token for nefarious means.

When you select Modern Authentication as a method of Authentication, you need to configure Get Token
parameters.

Get Token

• Authorization URL: This is the URL of the endpoint of the Authorization Server that
authenticates user credentials.

Enter the URL of the authorization endpoint.

Format: https://login.microsoftonline.com/common/oauth2/v2.0/authorize

• Access Token URL: This is the URL of the endpoint of the Authentication Server that is
used to exchange the Authorization Code for an Access Token.

Enter the Access Token URL.

Format: https://login.microsoftonline.com/common/oauth2/v2.0/token

• Client ID: Enter the application’s Client ID, issued during the client application registration provided by
the Azure AD.

• Client Secret: Client Secret is a secret string that the application uses to prove its identity while
requesting a token. It is also known as the Application Password.

It ensures that the request to get the Access Token is made only from the application and not from a
potential attacker that may have intercepted the authorization code.

Enter the application’s Client Secret. The Client Secret is issued to the client during the Application
registrations process.

It will be shown in an encrypted format, like a Password field.

• Redirect URL: It tells the authorization server where to send the user back to after they approve the
request.

It extracts the Authorization Code/Access Token.

The Redirect URL will be displayed in this field. The authentication response will be returned to the
configured URL after successfully authenticating the user.

Redirect URL: https://<Domain URL for COSEC Login>/Login/ReceiveAuthorizationToken

• Scope: It is one or more space-separated strings indicating the permissions the application is
requesting. The specific OAuth API you are using will define the scopes that it supports.

Scopes are sets of permissions granted to each Client to access specific data. The field may have
space-delimited values.

Enter Scope of the access request.

Format: offline_access https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send https://outlook.office.com/Mail.Read

• Client Credential: It defines whether to send the client credentials in a Basic authorization header or as
plain text in the request body.

Select a desired option from the drop down list — In Basic Auth Header or Request Text.

Click Get Token. Once you click this button, you need to sign in to your Microsoft account. All the
parameters in the request are then verified, ensuring that the Authorization Code has not expired and that the
Client ID and Client Secret match.

After the verification process is completed, the Authorization Server will generate and return the Access
Token and Refresh Token in the response.
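
An added example, not Matrix's code: how the Get Token parameters above map onto the OAuth 2.0 Authorization Code grant, building the authorization URL, checking the redirect, and forming the token request for either Client Credential option and for a later refresh. The state parameter, the function names and all sample values are assumptions that do not appear in the manual; nothing is sent over the network.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint formats and scope string are the ones given on this page.
AUTH_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
SCOPE = ("offline_access https://outlook.office.com/POP.AccessAsUser.All "
         "https://outlook.office.com/IMAP.AccessAsUser.All "
         "https://outlook.office.com/SMTP.Send https://outlook.office.com/Mail.Read")


def authorization_url(client_id, redirect_uri, state):
    """URL the sign-in pop-up opens for the Authorization Code grant."""
    query = {"client_id": client_id, "response_type": "code",
             "redirect_uri": redirect_uri, "scope": SCOPE, "state": state}
    return AUTH_URL + "?" + urlencode(query)


def code_from_redirect(redirect_url, expected_state):
    """Pull the Authorization Code out of the redirect, rejecting a foreign state."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if not secrets.compare_digest(params.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: redirect does not answer this request")
    return params["code"][0]


def token_request(grant, client_id, client_secret, redirect_uri, mode):
    """Build (url, headers, body) for a code exchange or a refresh.

    mode mirrors the Client Credential drop-down: "header" or "body".
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = dict(grant)
    if grant["grant_type"] == "authorization_code":
        body["redirect_uri"] = redirect_uri  # must equal the registered Redirect URL
    if mode == "header":
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    elif mode == "body":
        body.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError("mode must be 'header' or 'body'")
    return TOKEN_URL, headers, urlencode(body)
```

In both Client Credential modes the secret is only encoded, not encrypted, so it is protected solely by the https Access Token URL.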

• Access Token: It displays the Access Token received in the response from the Authorization
Server or Access Token Server. To know more about Access Token, refer to Access Token under Modern
Authentication on page 223.

• Refresh Token: It is obtained in the response received from the Authorization Server or Access Token
Server. To know more about Refresh Token, refer to Refresh Token under Modern Authentication on
page 223.

• Alert Cycle: Specify the time in seconds between successive send attempts when the system tries to send
the pending messages.

• Retry Count: Specify the number of times the system needs to retry to send the same Email message in
the event of an unsuccessful attempt.

• Active Days: Specify the number of days the system needs to keep the unsent messages active in the
event of the service being stopped.

• Enable SSL: If you are using an external SMTP server like Gmail, then select the check box to enable.

• Disable Sending Mail: Select the check box to temporarily disable the email sending functionality.

• Email Reading Interval: Specify the desired duration (in minutes). This is the duration after which the Alert
Service fetches the data from the database.

• Delete Mail: Select the desired option from the drop-down list. Options are All, Server, None.

• Select All to delete all the mails related to the Server and personal. This is applicable if the set Email
Reading Interval is less than or equal to 30 minutes.

• Select None to delete none of the mails. This is applicable if the set Email Reading Interval is equal to
30 minutes.

• Select Server to delete all the emails from the server as soon as they are downloaded by the
client. This is applicable if the set Email Reading Interval is equal to 30 minutes.

• Auto Forward Email Id: If a user sets Delete Mail to either All or Server, the mails are auto forwarded
to the configured email ID before they are deleted.

If the mail is successfully forwarded, the mail is deleted from the inbox of the Server and a log is
added in Alert view in Admin > Views/Logs > Alert view.

If the mail is not forwarded due to an incorrect E-mail Id (with valid characters), the mail is deleted from
the inbox of the Server and a log is added in Alert view in Admin > Views/Logs > Alert view.

Once the above settings are done, click the Save button.

Test Mail

• E-mail ID: Specify the email ID to which the test mail is to be sent. Click the Send Test Mail button to
send the test mail.

For each tenant, you can send up to 10 test emails in one minute. Thereafter the message “Maximum count
reached. Please try after sometime” will be displayed.
