Configuring authentication for the EWS mail client
With the EWS client registered with Azure AD, you can configure its authentication settings, which define how the client will authenticate to receive an Access token on behalf of the user.
📘 Contents
📘 Instructions
There are several supported methods that you can choose to use:
Client certificate: The client certificate option offers the highest level of assurance, as it requires the EWS client to have a digital certificate to prove its identity against a server certificate before it can receive an Access token. However, it also requires you to have an existing client certificate to upload into Azure AD and the corresponding server certificate uploaded to the PrinterOn Server.
This method is only available for on-premise deployments of PrinterOn Enterprise.
For more information on setting up Client certificate authentication for your EWS mail client, Setting up Client Certificate authentication.
Shared client secret: Though not considered as rigorously secure as the client certificate, the shared secret method still offers a high degree of assurance. You need only create a unique secret in Azure AD and then copy that secret into Configuration Manager. Azure AD compares the secret value to its secret value and only returns an Access token if the values match.
For more information on configuring a shared client secret, see Setting up a Client Secret.
ROPC (Resource Owner Password Credential) Flow: With this method, the EWS mail client simply passes the Tenant ID or the OAuth Directory value to Azure AD to receive an Access token.
Note: Because it requires only a single, easily identifiable credential to prove the client’s identity, this authentication method is not considered highly secure and is generally not recommended in production environments unless there is an implicit level of trust between the client and server.
For more information on configuring ROPC Flow authentication, see Setting up ROPC Flow Authentication