Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.

Leverage Azure AD (Active Directory) as identity provider for MS Exchange Online

renat_isch
Alteryx
Alteryx

Alteryx 2022.3 release introduced Azure Active Directory (Azure AD) authentication support, Single Sign-On (SSO), for Microsoft ExchangeOnline. This update allows users to authenticate to ExchangeOnline with Azure AD accounts. This Designer release enables users leverage two types of Azure AD application configurations to access your ExchangeOnline account: single-tenant and multi-tenant application. This post covers single-tenant application configuration, whereas the multi-tenant configuration is captured in this post.

 

To access ExchangeOnline with Azure AD accounts, users are require to have the following configuration in place:

  • Azure Active Directory account linked with Microsoft ExchangeOnline service - make sure your ExchangeOnline service has been deployed for the tenant user;

Single-tenant application setup

In this post we will cover how to:

  • Register and configure single-tenant OAuth application in Azure AD tenant;

  • Obtain required Azure AD application details;

  • Access ExchangeOnline using Azure AD identity from Alteryx Designer;

Please note, the following example is intended for demonstration purposes only. We recommend engaging your systems team to help you with configuration. This example covers single-tenant OAuth implementation that is only intended for authentication of users existing within same Azure tenant.

Now that we’re clear about what we need, let’s focus on what we need to do to access above details.

 

Register and configure single-tenant OAuth application in Azure AD tenant

Go to your Azure AD portal, select Active Directory which you want to use with ExchangeOnline, and click on App registrations tab

Screenshot 2023-02-16 at 15.14.26 (1).png

 
  • Click on New registration and provide a descriptive name e.g. MS Exchange.
  • Select single-tenant as supported account types that can use this application;
  • Set type to web, Redirect url to http://localhost and click register;
  • On the overview page, copy and save the id of the client application. This will be known as your “client id”.

Screenshot 2023-02-16 at 18.53.22.png

 

Next, go to Certificates and Secrets and generate a new secret for this application. Save the value of the secret, you will need it later. This value will be known as “client secret”

 

Screenshot 2023-04-25 at 11.18.44.png

 

Now that we created our client secret, go to “API permissions” tab, available on your left hand side.

Click on Add permission, select “APIs my organisation uses” and add type in the following value: Office 365 Exchange Online. At this step, you should see Office 365 Exchange Online on the list of available apis. Set type to Delegated Permissions

 

Screenshot 2023-04-25 at 11.22.34.png

 

Next, scroll down to mail section and set scope to Mail.Send.All. This will entitle the app to issue tokens with permissions to send emails on behalf of users. Click add permission.

Screenshot 2023-04-25 at 11.24.24.png

 

Grant admin consent for Default directory

 

Screenshot 2023-04-25 at 11.26.08.png
 

Now that we configured our OAuth application and assign it with right permissions, make sure to verify you’ve collected the following details:

  • Azure AD tenant ID

  • MS Exchange client ID

  • MS Exchange client secret

Additionally, you will need the following ExchangeOnline details:

Access ExchangeOnline with Azure AD account

You can now access your data in ExchangeOnline from Alteryx Designer using your Azure AD account. Simply drag and drop Email tool, check “Use Data Connection Manager (DCM)” box and fill out required details. Set encryption to STARTTLS. Click Save.

 

Screenshot 2023-04-25 at 11.35.07.png

 

Next, select Azure AD authentication method and provide the details we collected earlier to configure connection with your OAuth application. Create and link your credentials with connection.

 

Screenshot 2023-04-25 at 11.37.30.png

 

After filling out above details and clicking connect, you will be redirected to the Azure AD login page. You will be prompted to login with your Azure AD account and grant this application required permissions. Once done, you will successfully obtain access to your ExchangeOnline service.

3 REPLIES 3
elliottwood
6 - Meteoroid

Does not solve email sender issues in update 2023.1. The process for these emails should have remained the same since it was never broken. This does not add any use value to the email functionality. 

Qiu
20 - Arcturus
20 - Arcturus

@renat_isch Thank you for sharing this!

renat_isch
Alteryx
Alteryx

Hi @elliottwood , thanks for your message. Microsoft announced deprecation of basic authentication support for SMTP, please refer to this page.

 

SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible. Other options for sending authenticated mail include using alternative protocols, such as the Microsoft Graph API.

 

Therefore, to allow our users continue using ExchangeOnline service, our 22.3 release introduced support for token based authentication for ExchangeOnline leveraging MS GraphAPI. 

 

@elliottwood, feel free to share with us the sender issue you're referring to. 

Labels