Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Connor Banthorpe

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This guide relates to the set up of OAuth 2.0 authentication for the inbox used by RSM InTime to process timesheet approval emails (under System Administration > Email Server Settings). The administrator of your email account should be able to complete the set up of OAuth 2.0 credentials and scopes/permissions. Should you have any queries or issues when completing the email account set up, please contact the relevant provider support as the RSM InTime support team will be unable to assist due to access and visibility restrictions. 

Important note:-  Log in to RSM InTime in an incognito window then do the OAuth Email-Client login step from there. This is often needed to avoid signing in accidently with their own account rather than that of the mailbox they wish to grant access to.

...

You will need to register RSM InTime as an app with the identity platform in Azure Active Directory (Azure AD). Please refer to Microsoft's page on how to register an application which provides more detail on the process below.

...

Login to the Azure Portal and select "Azure Active Directory".

Image RemovedImage Added

Make a note of your Tenant Id and click "App Registrations" on the left.

Image RemovedImage Added


Click "New registration".

Image RemovedImage Added


Give the registration a name (this is for your own information only, something like "InTimeMailClient"), choose "Accounts in this organisational directory only" and in the Redirect URI box, select "Web" and add the following redirect URI: https://<your-intime-domain-here>/oauth2Client/callback/Email-Client

Image RemovedImage Added

Click Save. Make a note of the Application (client) ID  and the Directory (tenant) ID (should be the same as noted earlier).

Image RemovedImage Added


Click "Certificates and secrets" on the left, click "New client secret", enter the descriptive name for this secret and set it to expire in an appropriate period. Click "Add". Note, when the secret expires, you'll have to create a new one and update the RSM InTime configuration.

Image RemovedImage Added


Make a note of the the value in the Value field. This will not be displayed again.

Image RemovedImage Added

Click "API permissions" on the left. Click "Add a permission" and click "Microsoft Graph"

Image Added


Then click Delegated Permissions

Image Added

You''ll then need to add the permissions noted below. They will likely be found in "Delegated Permissions" in the Graph API.Image Removedfollowing permissions sets.

IMAP.AccessAsUser.All

Mail.Read

offline_access

User.Read


Image Added


You should then have the following permissions setup;

Image Added


Log in to RSM InTime in an incognito window, go to Settings → Email Server Settings and enter the details shown below, replacing the email address/username with the email address/username of the mailbox you would like RSM InTime to monitor. Click Save, followed by OAuth 2.0 Settings.


Image RemovedImage Added


You should be on the Integrations page. Click "New".

...

You will be redirected to Microsoft to authenticate and consent, then redirected back to RSM InTime, where the status will show as "Authorised". Now return to Settings → Email Server Settings and confirm that RSM InTime can access your mailbox.

...

Gmail OAuth 2.0 Authentication Guide

...

Gmail Email Account Set Up

  • Set up a GMail Gmail account or use an existing account. This account needs to be the account you intend to use for RSM InTime's email approval feature.
  • Login to the Google API Console (here)
  • Navigate to the Cloud Resource Centre (here)
  • Create a new project
    • Project Name: InTime
    • Location: Select the relevant organization

...

Make a note of the Client ID and Client Secret in the top right of the screen.

RSM InTime OAuth 2.0 Integration Set Up

Once OAuth credentials and scopes have been enabled on your email account, you need to configure the integration within RSM InTime.

  • In RSM InTime, go to System Administration > System > Email Server Settings
  • From the Authentication Method dropdown, select 'OAuth 2.0'
  • Click on 'OAuth 2.0 Settings', this will direct you to the OAuth Integrations screen
  • Click on New and click Create next to 'Email-Client'

...

Click Save and then Back

Click Log In


Log into GMailGmail/Outlook using the email account credentials, allow permission for the app to access the inbox.

Finally within RSM InTime, go to System Administration > System > Email Server Settings

  • Authentication Method: OAuth 2.0
  • Email Server: imap.gmail.com
  • Protocol: imap
  • Port: 993
  • SSL Required: Yes
  • Email Address: Email address to be used for Email Approval within RSM InTime
  • Username: Re-enter email address from above.
  • Password: Enter the password for the email account.


Click Save

Your RSM InTime instance will now be connected to your email server account using OAuth 2.0 authentication. 

...