Is there any way to implement Actionable Email in version 8.3? If yes, can someone help me with this? If we raise a request for a role, it should go to the manager via email, and the action should also be taken via email without redirecting to the UI.
Welcome to SailPoint Developer Community!!
As per my understanding, this is not currently supported out of the box; the access review should be completed from IIQ. It was deprecated from SSD v7 because of outdated POP and IMAP technology.
Services Standard Deployment (SSD) v7.0.2 - Compass (sailpoint.com)
I agree with @Jarin_James; however, you can still use the email-based libraries from SSD 6.1, but you will have to customize the mailbox authentication method for O365, as basic authentication is no longer supported. Also keep in mind that the email-based libraries have already been deprecated from SSD 7.1, so there is no support for this from SailPoint.
This would make a neat community plugin, though.
Anybody want to work on it with me?
That would be a nice feature to have!
This actually is quite simple now. But on the Exchange side, the configuration needs to be done properly.
So the way I have done it (in 7.3, and now I need to migrate to 8.3 with newer jars) … is to use Graph APIs to read the email and process the email. Processing of the email is still the old way, where you match the from address and the workitemid and then approve/reject the workitem. The Graph APIs are standard, and if anyone wants help, let me know.
So far, due to the old jar in 7.3 and the plugin classloader acting weird, I was not able to load the MSAL jars in a plugin in 7.3, but with 8.3 already using the new MSAL jars, I just need to migrate the Rule code into a Plugin Task.
Some rough notes from last year when I implemented this:
- Graph APIs: Microsoft Graph documentation | Microsoft Learn
- Authentication concepts: Microsoft Graph authentication and authorization overview | Microsoft Learn
- Limit permissions over Graph: Limiting application permissions to specific Exchange Online mailboxes - Microsoft Graph | Microsoft Learn
- Register app: Manage app registration and API permission (deprecated) - Microsoft Graph | Microsoft Learn
- Permissions for reading any mailbox and moving email across folders (make sure to provide admin consent):
  - Enterprise Application: Microsoft Graph → Mail.ReadWrite
- Restrict access so the app cannot read all mailboxes, only the approval mailbox:
  - Create a mail-enabled group: [[email protected]]
  - Put the mailbox into that mail-enabled group: add [[email protected]] to the group [[email protected]]
  - Get the app ID from the Azure Portal: 91a62307-54ae-40cb-xxxxx-xxb711
  - Connect to EXO (PowerShell): Connect-ExchangeOnline -Credential $creds -ShowBanner:$false
  - Run command: New-ApplicationAccessPolicy -AppId 91a62307-54ae-40cb-xxxxx-xxb711 -PolicyScopeGroupId [[email protected]] -AccessRight RestrictAccess -Description "Restrict."
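A verification step for the mailbox restriction described in the notes above, added here as an example and not part of the original post. The app ID and both mailbox addresses are constructed placeholders, and an open Exchange Online session (Connect-ExchangeOnline) is assumed.

```powershell
# Added example: confirm the ApplicationAccessPolicy actually limits the app.
# Assumes New-ApplicationAccessPolicy has already been run as in the notes above.
# All values below are constructed placeholders; replace them with your own.
$AppId           = '<app-id-from-azure-portal>'
$ApprovalMailbox = 'iiq-approvals@example.com'    # mailbox inside the scope group
$ControlMailbox  = 'unrelated.user@example.com'   # mailbox outside the scope group

# Expected outcome per mailbox under -AccessRight RestrictAccess.
$expected = [ordered]@{
    $ApprovalMailbox = 'Granted'
    $ControlMailbox  = 'Denied'
}

# Show the policies bound to this app so the scope can be reviewed.
Get-ApplicationAccessPolicy |
    Where-Object { $_.AppId -eq $AppId } |
    Format-List

$failures = 0
foreach ($mailbox in $expected.Keys) {
    # Evaluates the policy for one app/mailbox pair without touching any mail.
    $result = Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId
    $actual = $result.AccessCheckResult
    if ($actual -eq $expected[$mailbox]) {
        Write-Host "OK    $mailbox -> $actual"
    } else {
        Write-Warning "FAIL  $mailbox -> $actual (expected $($expected[$mailbox]))"
        $failures++
    }
}

# A "Granted" result on the control mailbox means Mail.ReadWrite is still
# effective outside the approval mailbox, so stop before wiring up the task.
if ($failures -gt 0) {
    throw "$failures mailbox check(s) did not match the expected policy result."
}
```

Policy changes can take more than an hour to be enforced on Microsoft Graph calls even after Test-ApplicationAccessPolicy reports the expected result, so repeat the check with a real Graph read against the control mailbox before going live.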
Hi @drosenbauer,
I would love to collaborate with you on this task. Let me know when we can start.