How would the Office365 administrator approve permission requests
Introduction
This documentation is provided in the advent that the Office365 is configured to require administrator approval to provide the required permissions. This would be set when the Do not allow user consent option is selected under the Consent and permissions, User consent settings page.
Approval Process
Once the permissions has been requested via the request page. The request for the Hornbill Office365 Mail Connector application will appear in the administrator's Admin consent requests list.
NOTE: For Supportworks, instead of Hornbill Office365 Mail Connector, it would be Supportworks Office365 Mail Connector.
The administrator can then see the details of the request by selecting Hornbill Office365 Mail Connector.
The administrator can see the details of the request by selecting Review permissions and consent.
After the administrator is satisfied that the actions are safe, clicking on the Accept button would then allow the users to use the Hornbill Office365 Mail Connector application by given the application the required permissions to function.
Admin pre-consent option
If your tenent has a very strict security configuration, it may be possible to have the admin pre-approve the necessary rights. Once the rights are pre-approve, connecting the keysafe entry should either no longer require consent or just a basic user consent.
To use this option, perform the following steps:
- Open the following link in a private/incognito window.
- The above link would open a webpage requesting login to a user account, ensure the following:
- that the opened page is a secured page originating or coming from Microsoft.
- the account that would be logged in, must be the tenent's azure administrator.
- Review the succeeding pages, and provide consent.
Known issue
Once the consent has been given, the resulting message would be No ESP_AUTH context found. This indicates that this operation has succeeded. This resulting page would be improved upon in the near future.
NOTE: Once the administrator has permitted the request, * For Hornbill: the connect action of KeySafe has to be performed again. * For Supportworks: the Link operation of the [Connecting the Mailbox to Third-Party Internet Mail Services] has to be performed again.