Konfiguration Authentication Code Flow (delegated) MS Graph API [ENG]

Konfiguration in Squeeze

~~Diese~~This ~~Konfigurationsoberfläche~~configuration ~~wird~~interface abis ~~der~~provided ~~Version~~as of version 2.3.~~0 bereitgestellt.~~0.

~~Wenn~~If ~~Sie~~you ~~diese~~want ~~Authentifizierungsmethode~~to ~~nutzen~~use ~~möchten,~~this ~~stellen~~authentication ~~Sie~~method, ~~sicher,~~make ~~dass~~sure ~~der~~that ~~Interne~~the ~~Job~~Internal job refresh-tokens ~~aktiviert~~is ~~ist.~~enabled. ~~Dies~~This ~~ist~~is ~~weiter~~documented ~~unten~~further imdown ~~Artikel~~in ~~dokumentiert.~~the article.

~~Wie~~As ~~man~~you ~~nun~~can ~~erkennt,~~see ~~kann man~~now, in ~~der~~the ~~Konfigurations-Oberfläche~~configuration ~~unter~~interface ~~Protokoll~~under ~~zwei~~Protocol ~~Arten~~you ~~der~~can ~~Anbindung~~choose zutwo types of connection to Microsoft(MS) Graph ~~API wählen:~~API:

~~Für~~For ~~den~~the ~~delegierten~~delegated ~~Autorisierungsprozess~~authorization ~~wählen~~process ~~wir~~we select Microsoft Graph API ~~Delegated.~~Delegated. ImIn ~~nächsten~~the ~~Schritt~~next ~~füllen~~step ~~wir~~we ~~die~~fill ~~Felder~~in the Client ID, Client ~~Secret die~~Secret, Tenant ID ~~und~~and ~~die~~the ~~restlichen~~rest ~~Felder.~~of the fields.

OrdnerFolder - KonfigurationConfiguration

~~Bei~~In ~~der~~the ~~Ordnerkonfiguration~~folder ~~müssen~~configuration ~~Sie~~you ~~drei~~need ~~Ordner~~to ~~angeben~~specify three folders

~~Posteingang~~Inbox
~~Dieser~~This ~~Ordner~~folder ~~wird~~is ~~regelmäßig~~regularly ~~überprüft,~~checked umto ~~die~~import ~~enthaltenen~~the ~~Emails~~emails zuit ~~importieren.~~contains.
~~Verarbeitet~~Exported
InThe ~~diesen~~successfully ~~Ordner~~imported ~~werden~~emails ~~die~~are ~~erfolgreich~~moved ~~importieren~~to ~~Emails~~this ~~verschoben.~~folder.
~~Fehler~~Error
InThe ~~diesen~~emails ~~Ordner~~that ~~werden,~~could ~~die~~not ~~Emails~~be ~~abgelegt, die nicht importiert werden konnten~~imported (~~z.B.~~e.g. ~~fehlende~~missing ~~Anlagen)~~attachments) are moved to this folder.

~~Bei~~When ~~der~~defining ~~Definition~~the ~~der~~folders, ~~Ordner~~please ~~achten~~make ~~Sie~~sure ~~bitte~~that ~~darauf,~~the ~~dass~~names ~~die~~of ~~Namen~~the ~~der~~folders ~~Ordner~~must ~~eindeutig~~be ~~sein~~unique, ~~müssen,~~because dathe ~~die~~folders ~~Ordner~~are searched in ~~der~~the ~~Verzeichnisstruktur~~directory ~~des~~structure ~~Postfachs~~of ~~gesucht~~the ~~werden.~~mailbox.
If
~~Ist~~a ~~ein~~configured ~~konfigurierter~~folder ~~Ordner~~is ~~nicht~~not ~~eindeutig~~unique, ~~kann~~this escan ~~dies~~lead ~~dazu~~to ~~führen,~~a ~~dass~~different ~~ein~~folder ~~anderer~~being ~~Ordner~~used ~~genutzt~~than ~~wird,~~the ~~als~~desired ~~der gewünschte.~~one.

KonfigurationConfiguration in AAD (Azure Active Directory)

~~Weitere~~Other ~~notwendige~~necessary ~~Schritte~~steps ~~für~~for ~~ein~~a ~~reibungslosen~~smooth ~~Ablauf~~process ~~sind~~are ~~die~~the ~~Einrichtung~~setup ~~einer~~of ~~Azure-Active-~~an Azure Active Directory Application
~~mit~~with ~~einem~~a Client Secret. ~~Die~~The ~~Globale~~global ~~Registrierung~~registration ~~eines~~of ~~Mail-Dienstes~~a ~~der~~mail service of "Dexpro" imin ~~Azure-Active-Directory~~ the ~~des~~Azure ~~Kunden,~~Active ~~wird~~Directory ~~vorerst~~of ~~nicht~~the ~~angeboten.~~

~~Zudem~~customer ~~muss~~is ~~darauf~~not ~~geachtet~~offered ~~werden~~for ~~dass~~the ~~die~~time ~~Application~~being.

~~folgende~~

In ~~Scopes~~addition, ~~besitzt.~~it must be ensured that the application has the following scopes.

~~Anders als~~Unlike in ~~den~~the Permission ~~für den~~for Client Credential ~~Flow~~Flow, ~~ist~~any ~~jegliche~~permission ~~Permission~~here ~~hier~~is ~~beschränkt~~limited ~~auf~~to ~~den~~the ~~autorisierenden~~authorizing ~~User.~~user.

~~Merke:~~Note: ~~Wenn~~If ~~auf~~a ~~ein~~shared ~~Shared-~~mailbox is to be accessed, the shared mailbox must be entered under Mailbox ~~Postfach~~and ~~zugegriffen werden soll, muss das Shared-Mailbox Postfach unter Postfach eingetragen werden und die~~the Application Permission Mail.Read.Write.Shared ~~muss~~must ~~konfiguriert~~be ~~werden.~~configured.

~~Denken~~Remember ~~Sie~~that ~~daran,~~the ~~dass~~shared ~~die~~mailbox ~~Shared-Mailbox~~will ~~auch~~also ~~Ihrer~~be ~~Email-Aktivierten~~added ~~Sicherheitsgruppe~~to ~~hinzugefügt~~your ~~wird,~~Email ~~wenn~~Enabled ~~Sie~~security ~~eine~~group ~~eingerichtet~~if ~~haben.~~you have one set up.

~~Ebenfalls~~Another ~~ein~~significant ~~maßgebender~~difference ~~Unterschied~~to ~~zum~~the Client Credential Flow ~~ist~~is ~~hier~~the ~~die~~use ~~Verwendung~~of ~~einer~~a Redirect URI.
~~Diese~~This Redirect URI ~~wird~~is created in ~~der~~the ~~AzureActive-Directory~~AzureActive ~~unter~~directory ~~der~~under the Application imin ~~Reiter~~the Authentication ~~angelegt:~~tab:

~~Schema~~Scheme Redirect URI: https://Ihr.vollwertiger.DomainName/api/v2/importers/email/authenticate/end

~~Merke:~~ Note:~~Ein~~ A Squeeze ~~Mandant~~client ~~benötigt~~always ~~immer~~requires ~~eine~~an ~~Azure-Active-~~Azure Active Directory ~~Application~~application ~~mit~~with ~~jeweils~~a ~~einer Redirect~~redirect URI.
~~Das~~This ~~bedeutet~~means ~~Sie~~that ~~müssen~~you ~~für~~must ~~jeden~~create ~~Mandanten~~an ~~eine~~application ~~Application~~for ~~anlegen.~~each client.

AutorisierungsprozessAuthorization Process Authentication Code Flow

~~hat~~Once ~~man~~you ~~nun~~have ~~seine~~configured ~~Application~~your imapplication in the AAD ~~konfiguriert~~and ~~und~~entered ~~alle~~all ~~notwendigen~~the ~~Daten~~necessary data in ~~die~~the ~~Konfigurationsoberfläche~~configuration ~~getippt~~interface, ~~kann~~you ~~man~~ can ~~nun~~save ~~seine~~your ~~Konfiguration abspeichern.~~configuration.

~~Nun~~Now ~~öffnet~~another ~~sich~~dialog ~~ein~~box ~~weiteres Dialog Feld :~~opens:

~~Das~~The ~~System~~system ~~hat~~has ~~Ihre~~saved ~~Konfiguration~~your ~~gespeichert,~~configuration, ~~den~~but ~~Prozess~~you ~~der~~need ~~Authentifizierung~~to ~~müssen~~start ~~Sie~~the ~~jedoch~~process ~~separat~~of ~~über~~authentication ~~einen~~separately ~~Button~~using a button in ~~der~~the ~~Email~~email ~~Konfiguration~~configuration. ~~starten.~~For ~~Hierfür~~this ~~wählen~~purpose ~~Sie~~please ~~bitte~~select ~~den~~the ~~folgenden~~following ~~Button:~~button:

~~Nach~~After ~~einem~~clicking ~~Klick~~this ~~auf~~button, ~~diesen~~you ~~Button~~will ~~werden~~now ~~Sie~~be ~~nun~~redirected ~~zur~~to ~~Oberfläche von~~the Microsoft ~~weitergeleitet.~~interface. ~~Dort~~There, ~~beginnt~~the ~~der~~authentication ~~Authentifizierungsprozess~~process ~~befolgen~~begins. ~~Sie~~Follow ~~die~~Microsoft's ~~Anweisungen von Microsoft:~~instructions:

~~Geben~~Enter ~~Sie~~your ~~ihre~~email ~~Email-Adresse an.~~address.

~~Geben~~Enter ~~Sie~~your ~~Ihr Passwort ein:~~password:

JeDepending ~~nach~~on ~~Unternehmen~~the ~~werden~~company, ~~Sie~~you ~~ebenfalls~~may ~~aufgefordert~~also ~~eine~~be asked to perform 2-~~Faktor-Authentifizierung~~factor ~~durchzuführen.:~~authentication:

~~Sobald~~Once ~~Sie~~you ~~Authentifiziert~~are ~~sind,~~authenticated, ~~werden~~you ~~die~~will ~~Berechtigungen~~be ~~abgefragt~~prompted ~~und~~for ~~Sie~~permissions ~~werden~~and ~~aufgefordert~~asked ~~diese~~to ~~Berechtigungen~~confirm zuthose ~~bestätigen.~~permissions. ~~Nach~~After ~~Ihrer~~your ~~Bestätigung leitet~~confirmation, Microsoft ~~umgehend~~will ~~zurück~~immediately ~~zur~~redirect ~~Squeeze-Oberfläche.~~you back to the Squeeze interface.

~~Die~~The ~~Oberfläche~~interface ~~wird~~will ~~Ihnen~~now ~~nun~~show ~~anzeigen~~you obif Squeeze ~~nun~~is ~~Autorisiert~~now ~~ist~~authorized ~~oder~~or obif ~~ein~~an ~~Fehler~~error ~~aufgetreten~~has ~~ist:~~occurred:

~~Nun~~Now ~~können~~you ~~Sie~~can ~~die~~test the mail connection by clicking the Mail ~~Verbindung~~Connection ~~testen~~Test ~~Indem Sie den Mail Verbindungstest Button~~button in ~~der~~the ~~Oberfläche bedienen.~~interface.

Job-KonfigurationConfiguration

~~Die~~The ~~Verwendung~~use ~~dieses~~of ~~Authentifizierungsverfahrens~~this ~~erfordert,~~authentication ~~dass~~method ~~ein~~requires ~~seperater~~that ~~Job~~a ~~aktiviert~~separate ~~ist,~~job ~~welcher~~is imactivated, ~~Hintergrund~~which ~~die~~keeps ~~Zugriffsdaten~~the ~~für~~access ~~die~~data for the Graph API ~~aktuell~~up-to-date ~~hält.~~in the background.

~~Hierfür~~For ~~finden~~this ~~wir~~purpose, we find the new script named refresh-tokens in ~~der~~the ~~Administration~~administration ~~unter "Skripte" das neue Skript mit den Namen~~under ~~refresh-tokens~~"Scripts":

~~Dieses~~You ~~Skript~~can ~~kann~~run ~~man~~this zuscript ~~jedem~~manually ~~Zeitpunkt~~at ~~manuell~~any ~~ausführen.~~time.

~~Sie~~You ~~müssen~~need ~~für~~to ~~dieses~~set ~~Skript~~up ~~einen~~a ~~Job~~job ~~einrichten,~~for ~~der~~this ~~häufig~~script ~~genug~~that ~~ausgeführt~~runs ~~wird,~~frequently umenough ~~ein~~to ~~Ablaufen~~prevent ~~der~~the ~~Zugriffsdaten~~access zudata ~~verhindern.~~from Imexpiring. ~~Standard~~By ~~sind~~default, ~~Refresh-Token~~refresh ~~von~~tokens from Microsoft are valid for 1 ~~Tag~~day, ~~lang~~so ~~gültig~~,you esshould ~~sollte~~try ~~also~~to ~~mehrmals~~refresh amthe ~~Tag~~access ~~versucht~~data ~~werden~~several ~~die~~times ~~Zugriffsdaten~~a ~~zu aktualisieren.~~day.

~~Wir~~We ~~empfehlen~~recommend ~~den~~running ~~Job~~the ~~jede~~job ~~Stunde~~every ~~auszuführen:~~hour:
~~Cron-Ausdruck~~Cron ~~für~~expression ~~den~~for ~~Job:~~the job: */50 * * * *.

~~Wie~~How ~~Jobs~~to zuconfigure ~~konfigurieren~~jobs ~~sind,~~is ~~ist~~documented ~~hier dokumentiert:~~here:

Fragen und Antworten

WasWhat passierthappens wennif derthe Jobjob ausfällt ?fails?

~~Ist~~If ~~der~~the ~~Job~~job ~~durch~~did ~~unvorhersehbare~~not ~~Gründe~~run ~~nicht~~due ~~gelaufen~~to sounforeseen ~~müssen~~reasons ~~Sie~~you ~~sich~~have ~~neu~~to ~~Authentifizieren~~re-authenticate ~~mit~~using ~~dem~~the ~~Authentifizierung-Button~~authentication button in ~~der~~the ~~Email-Konfiguration~~email configuration.

KannCan ichI einfachjust meinechange Postfachmy mailbox in derthe Konfigurationconfiguration ändernand unddo mussI ichhave danachto wasdo tunanything ?after that?

~~Sobald~~As ~~Sie~~soon ~~die~~as ~~Konfiguration~~you ~~ändern~~change ~~oder~~or ~~abspeichern,~~save ~~weist~~the ~~die~~configuration, ~~Anwendung~~the ~~Sie~~application ~~darauf~~prompts ~~hin,~~you ~~ein~~to ~~neuen~~initiate ~~Authentifizierungsprozess~~a ~~einzuleiten.~~new authentication process.
~~Lehnen~~Reject ~~Sie~~this ~~dieses~~request. ~~Aufforderung~~You ~~ab.~~still ~~Haben~~have ~~Sie~~the ~~immernoch~~option ~~die~~to ~~Möglichkeit~~press ~~den~~the ~~Authentifizierungsbutton~~authentication ~~zu betätigen.~~button.

KannCan ichI meineuse Azure-Active-my Azure Active Directory Application fürfor mehreremultiple Squeeze Mandanten nutzen ?clients?

~~Nein,~~No, ~~die~~using ~~Verwendung einer~~one Application (AAD) ~~für~~for ~~mehrere~~multiple ~~Mandanten~~clients ~~ist~~is ~~nicht~~not ~~Möglich,~~possible ~~solange~~as ~~die~~long ~~Mandanten~~as ~~unter~~the ~~anderen~~clients ~~Domänen~~are ~~erreichbar~~accessible ~~sind.~~under other domains.
~~Beispiel:~~Example:
1 ~~Mandant:~~client:

test.~~mandant.~~client.squeeze.one

2 ~~Mandant:~~client:

test2.~~mandant.~~client.squeeze.one

In ~~diesem~~this ~~Beispiel~~example ~~kann~~we ~~man~~cannot ~~keine~~use ~~Application~~an ~~verwenden,~~application, dabecause ~~wir~~we ~~pro~~can ~~Application~~only ~~nur~~address ~~einen~~one ~~Mandanten~~client ~~ansprechen~~per ~~können.~~application. ~~Ein~~Authentication ~~Authentifizierung bei~~with Microsoft ~~würde~~would ~~ggf.~~only ~~immer~~run ~~nur~~on ~~auf~~one ~~einen~~client ~~Mandanten~~at ~~laufen.~~a time.

DuYou ~~hast~~have ~~die~~the ~~Möglichkeit~~possibility ~~mehrere~~to ~~Postfächer~~use ~~mit~~multiple ~~der~~mailboxes ~~selben~~with ~~Application(~~the same application (AAD), zuthere ~~nutzen,~~are ~~dort~~no ~~gibt es keine Begrenzungen.~~limits.