Configuring a REST API credential for sending emails using OAuth2.0 authentication

WhatsUp Gold now offers OAuth 2.0 as an updated, more secure option for authenticating emails originating from WhatsUp Gold. To use OAuth 2.0 as your preferred authentication method, you'll need to:

• Register WhatsUp Gold as a client application with Microsoft Azure

Caution: The procedure steps applicable to registering the application with Microsoft Azure are performed outside of WhatsUp Gold. They are deemed to be accurate at the time of the v22.1 release.

• Create a REST API credential that uses OAuth 2.0 as its Auth Type, Authorization Code as its Grant Type, as well as additional information obtained during registration with Azure.
• Configure/Update your default email settings in WhatsUp Gold.
• Update existing discovery email settings, email actions, and scheduled reports set up to send emails.

To register WhatsUp Gold with Azure:

1. Open an internet browser and navigate to the App registrations page in Microsoft Azure.
2. Click New registration.
3. Enter a Name for the application you are registering.
4. Select Accounts in this organizational directory only (Single tenant) as the Supported account type.
5. For Redirect URI, select Web from the Select platform drop-down menu and enter http://localhost/NmConsole/OAuth2/Permissions or https://<host>:<port>/NmConsole/OAuth2/Permissions as the URI .

   Note: Exchange Online requires the usage of HTTPS for Redirect URIs if you are not using localhost.

6. Click Register. This launches a new page displaying information about your new application.
7. Click API permissions.
8. Click the ... icon to the right of Microsoft Graph / User.Read, then select Remove permission.
9. Click Add a permission.
10. Click Microsoft Graph.
11. Click Delegated permissions.
12. Use the applicable checkboxes at left to enable the email and offline_access permissions under the Openid permissions heading as well as the SMTP.Send permission under the SMTP heading.
13. Click Add permissions.
14. Click Certificates & secrets.
15. Click New client secret.
16. Enter a description for the new client secret in the field provided.
17. Select an expiration time frame for the new client secret from the drop-down list.
18. Click Add
19. Select and copy the Value for the Client secret generated by Microsoft Azure.

    Important: The Client secret Value can only be viewed immediately after it has been generated. Retain this Value prior to exiting the Certificates & secrets page.

To create a REST API credential for sending emails using OAuth2.0 authentication:

1. Return to WhatsUp Gold, then select Libraries > Credentials from the SETTINGS main menu to launch the Credentials Library.
2. Click the + icon, then select REST API from the list of credential types that appears. This launches the Add REST API Credential configuration dialog.
3. First, provide a Name and Description for your new credential.
4. Select OAuth2.0 as the Auth Type.
5. Select Authorization Code as the Grant Type.
6. Return to your application Overview page in Microsoft Azure, then select Endpoints.
7. Copy the OAuth 2.0 authorization endpoint (v2) and the OAuth 2.0 token endpoint (v2), return to WhatsUp Gold, then paste the endpoints in their respective fields in the REST API Credential configuration dialog.
8. Copy the Application (client) ID, return to WhatsUp Gold, then paste it in the Client ID field in the REST API Credential configuration dialog.
9. Enter the client secret Microsoft Azure generated when registering the application in the New Client Secret field.
10. Enter offline_access https://outlook.office.com/SMTP.Send in the Scope field. (This represents the API permissions you previously specified for the application in Microsoft Azure.)
11. Click Authorize. This launches a Microsoft authorization dialog.
12. When prompted, select a user account, then click Accept to grant the specified permissions.

See Also REST API Credential Configuring a REST API credential for monitoring Flowmon appliances