Using Modern Authentication (oAuth) with Journal Commander 
Journal Commander can be configured to use oAuth to authenticate with Microsoft Office 365, using a Certificate and/or Secret. Below is a video on how to set it up, please see underneath the video for a text step-by-step guide.
Note: oAuth is currently supported over both Exchange and PowerShell endpoints in AS 10 or above.

Note: If you would like to use oAuth, please install Azure Active Directory Powershell Module V2, as oAuth only supports Azure AD PowerShell. For more on this, click here.

Be aware you must select ONE method of authentication with your Archive Shuttle project; either basic authentication or oAuth authentication. Mixed authentication is not available. However, you still require an account with Global Administration rights with Journal Commander 1.0.

Configuring Modern Authentication (oAuth) with a Secret 
Step 1: Get an Application ID. 
To get an application ID: 

  1. Go to https://portal.azure.com and log in to your O365 tenant with an administrator account. 
  2. From the left menu, select Azure Active Directory > App registrations. 
  3. Click New application registration. 
  4. Enter a descriptive name. 
  5. Select the Accounts in any organizational directory option. 
  6. Select Web for the application type under the Redirect URI section. 
  7. Enter the URL value: http://localhost 
  8. Click Register. 
  9. Copy the Application (client) ID and save it somewhere you will remember and securely. You will need it later. 

Step 2: Configure Permissions and Secret 
Configure Application Permissions: Return to the Azure portal and access Azure Active Directory > App registrations > owned applications. Then find the application you created in Step 1 above. 

  1. Select your application, and then select API Permissions. 
  2. Click Add a Permission. 
  3. In the Add API access section > Select an API, choose Microsoft Graph.
  4. Click Delegated Permissions 
  5. In the Permissions list section, Select the Permissions listed in this article to select the required API permissions.
  6. Click Application Permissions.
  7. In the Permissions list section, Select the Permissions listed in this article to select the required API permissions.
  8. Click Add permissions.
  9. Click Grant Admin consent. 

Configure Application Secret: 

  1. Go to Certificates & Secrets and click the New Client Secret button.
  2. Enter a descriptive name. 
  3. Choose an Expiry duration for the Secret. (It is recommended to set the secret not to expire) 
  4. Click Add.
  5. Copy the Secret created and save it somewhere. You will need it later. 

Step 3: Add your Application ID and Secret on the server running the Journal Commander O365 Import module. 
To do this: 

  1. In Journal Commander, open the Credential Editor while logged in as the account the module is running under. 
  2. Select the Office 365 oAuth tab and click Add. 
  3. Enter the Name (free format text), Application ID, Tenant (eg. tenant.onmicrosoft.com) and Secret. 
  4. Save and close the Credential Editor. 
  5. Open the Journal Commander Administrator Console. 
  6. Click Configuration > System Configuration. 
  7. Go to the O365 module settings and enable the option to Use modern authentication (oAuth). 
  8. Restart the O365 module to force settings to take immediate effect. 

Configuring oAuth with a certificate 
Step 1: Get an Application ID. 
To get an application ID: 

  1. Go to https://portal.azure.com and log in to your O365 tenant with an administrator account. 2.
  2. From the left menu, select Azure Active Directory > App registrations.
  3. Click New application registration.
  4. Enter a descriptive name.
  5. Select the Accounts in any organizational directory option.
  6. Select Web for the application type under the Redirect URI section.
  7. Enter the URL value: http://localhost
  8. Click Register.
  9. Copy the Application (client) ID and save it somewhere. You will need it later.

Step 2: Add a certificate to the server running the O365 module. 
For this step you will need a SHA-1 certificate that will be used to establish a secure connection from this workstation to O365. This can be done with a certificate from a trusted certificate authority or a self-signed certificate. Below we assume you do not have a trusted certificate to use and need to create a certificate to use. There are many ways to create a certificate on a Windows server and below we are using PowerShell modules.
To create a self-signed certificate in Windows Server 2016: 

  1. Access the server where the O365 module is installed. 
  2. Launch PowerShell and type the following commands: 

 # Create certificate 

$cert=New-SelfSignedCertificate -Subject “CN=Journal CommanderOAuth” –CertStoreLocation “cert:\CurrentUser\My”-KeyExportPolicy Exportable -Provider ‘Microsoft RSA SChannel Cryptographic Provider’-NotAfter (Get-Date).AddYears(5) 

$password=ConvertTo-SecureString -String “UseSecurePasswordHere”-Force –AsPlainText 

$localPath=’D:/Temp’ 

# Used for authentication -> load it from disk 

Export-PfxCertificate -Cert $cert –FilePath ($localPath.Path+”\Journal CommanderSelf.pfx”) -Password $password 

# Export certificate to a .cer file: 

Export-Certificate -Type CERT -Cert $cert –FilePath ($localPath.Path+”\Journal CommanderServer.cer”) 

* Where “UseSecurePasswordHere” is the desired password of the certificate. 
To add an untrusted certificate to your bridgehead server’s local certificate store: 

  1. Access the server where the O365 module is installed.
  2. Open the certificates manager by start/run certlm.msc 
  3. Expand Trusted Root Certificate Authorities > Certificates. 
  4. Right-click Certificates and select All Tasks > Import… to launch the Certificate Import Wizard. 
  5. Locate the (.cer) certificate file and follow the wizard prompts. 
  6. Supply password, if required. 
  7. Right-click Certificates and select All Tasks > Import… to launch the Certificate Import Wizard. 
  8. Locate the (.pfx) certificate file and follow the wizard prompts. 
  9. Supply the password, if required. 

Step 3: Get a Thumbprint. 
To get a thumbprint: 

  1. Return to the Azure portal and access Azure Active Directory > App registrations > owned applications, and find the application you created in Step 1 above. 
  2. Select your application, and then select API Permissions. 
  3. Click Add a Permission. 
  4. In the Add API access section > Select an API, choose Exchange. 
  5. In the Select permissions > Enable Access section, select the option to Use Exchange Web Services with full access to all mailboxes(full_access_as_app) 
  6. Click Add permissions. 
  7. Click Grant Admin consent. 
  8. Go to Certificates & Secrets and click the Upload Certificate button. 
  9. Upload your certificate file from Step 2. 
  10. Copy the certificate Thumbprint and save it somewhere. You will need it later. 

Step 4: Add your Application ID and Thumbprint on the server running the Journal Commander module. 
To do this: 

  1. In Journal Commander, open the Credential Editor while logged in as the account the module is running under. 
  2. Select the Office 365 oAuth tab and click Add. 
  3. Enter the Name (free format text), Application ID, Thumbprint, and Tenant (eg. tenant.onmicrosoft.com) 
  4. Save and close the Credential Editor. 
  5. Open the Journal Commander Administrator Console. 
  6. Click Configuration > System Configuration. 
  7. Go to the O365 module settings and enable the option to Use modern authentication (oAuth). 
  8. Restart the O365 module to force settings to take immediate effect.
Print Friendly, PDF & Email