Modern Authentication and Email in Version 6.3

Email configuration in Case Manager has changed with the release of version 6.3 due to a shift towards Modern Authentication.

What is Modern Authentication?

Modern authentication is an umbrella term for a combination of authentication and authorization methods, including access security procedures that you may already be familiar with. It applies to transactions between a client (for example, your computer or your phone) and a server (where your data lives).

It includes:

  • Authentication methods such as Microsoft's Multi-factor Authentication (MFA)
  • Authorization methods such as Microsoft's implementation of Open Authorization (OAuth)
  • Conditional access policies: Mobile Application Management (MAM) and Azure Active Directory (Azure AD) Conditional Access.

What does this mean for your Case Manager?

Your Case Manager can be configured with Microsoft SSO. This supports tighter Office365 integration and the use of Multi-Factor Authentication (MFA). This enables you to log in to Case Manager via your Microsoft online credentials, securely and conveniently.

How does this relate to your email configuration?

After configuring Microsoft SSO, the email credentials for users who sign in and authenticate with Microsoft MFA are automatically applied to their Case Manager email settings without the need for any extra configuration.

 

In addition to the above, there are now two separate email configurations that can be set under Tools > Options > Email > Outgoing Mail Server:

  • The Global Email Server.

    This is the universal configuration that applies to all users that do not have an individual email configuration. For example, this would be the Office email address, instead of an individual user's email address.

  • The Case Manager System Email.

    This is the configuration that is utilised by the Case Manager functions such as the Forgot Password Feature reminders, SMS replies and Security notifications.

The Case Manager System Email will need to use a different SMTP configuration compared to the Global Email Server settings. This is because Microsoft accounts can no longer share credentials due to Modern Authentication. This effectively means that the Global Email Server cannot share credentials with the Case Manager System Email. As a result, a separate connection must be used. Please see System Email Server Configuration for further details.

Why Use Modern Authentication for Emails

Microsoft will stop supporting basic authentication (the use of an ordinary username & password) for EWS authentication in the very near future which will require MFA (Multi-factor authentication) to be configured.

Please note, when you have confirmed your identity using MFA, an encrypted token is saved to your machine. This token is specific to you and that computer and cannot be shared or saved to a server as this is a security risk. As a result, you will no longer be able to use someone else’s individual email account as the Global or System email Case Manager, as other users will not have access to that token.

Set Up Modern Authentication

When Microsoft SSO has been set up, users will see an option to grant access for the next time they sign in. Once granted, you will not need to configure each user's outgoing mail server settings. However, for the configuration to function correctly, each user's email address in the Employee List must match their Microsoft credentials.

To configure the Global Email Server and Case Manager System Email, please see System Email Server Configuration for further details.