
Provide ability to authenticate to shared IMAP mailboxes

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      When using telnet for IMAP you can write:
      ? login domain-abc/user-123/mailbox-456 pword
      This way you can, with a service account, access another group's or person's mailbox, with the correct rights of course.
      But I can't make it work for the IMAP setup in JIRA. If I write domain-abc/user-123/mailbox-456 in the username field I get an error when testing (authentication failed).
      Can the IMAP JIRA implementation access a shared mailbox, and how do I configure it?

      Workaround courtesy of david.dixon:

      A3 BAD User is authenticated but not connected error message when using JIRA with Office365

            [JRASERVER-30688] Provide ability to authenticate to shared IMAP mailboxes

            Hi ca6603430c18

            Sorry for the late response, are you using JSM Server/DC or JSM Cloud? This particular bug is related to JSM Server/DC as the steps you describe above sound like they are for the cloud version of JSM. 

            If you are on Cloud, I see there is a Jira bug which is closed as "won't do" for this: https://jira.atlassian.com/browse/JRACLOUD-30688

            But there is a comment on it saying that it does work for JSM Cloud with some steps. This might help you: https://jira.atlassian.com/browse/JRACLOUD-30688?focusedCommentId=1442661&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1442661 

            Otherwise, I'd suggest raising a support ticket or raising a question on the Atlassian Community for further help. 

            Thanks,

            Craig. 

            Craig Shannon added the comment above.

            Thanks for your quick response Craig!

            I have the free license for JSM next-gen platform. We are in the process of buying additional licenses and I hope that is not causing any issues. I followed the below steps.

            1. From project settings of a Jira Service Desk project, I select Email from channels.
            2. I then click on Microsoft icon from connect a custom email account.
            3. I get a popup to enter the email address.
            4. I then enter Shared Mailbox email address.
            5. After all authentication completes, I see my email address added to custom email channel instead of Shared Mailbox email address. 
            6. I can't seem to use Shared Mailbox email address at all.

            The above steps are for using custom email for creating tickets. We also want to use the same Shared Mailbox email address for sending notifications. Do you think this is possible? Do I have to create a support ticket for the same?

             

            Regards,

            Shruti

             

            Shruti Sharma added the comment above.

            Hi ca6603430c18,

            Just to confirm, have you set the email address on the JSM email request configuration to your shared email address and when you do the OAuth 2.0 authorization you then use the account which has delegated access? I do not think you should need a password for the shared account since access is granted via OAuth tokens. You can also double check that you have added the three scopes below to see if this helps:

            https://outlook.office.com/IMAP.AccessAsUser.All

            https://outlook.office.com/POP.AccessAsUser.All

            offline_access 

             

            You can also try turning on debug logging for the email connection and additional logging for the package `com.atlassian.jira.internal.mail` to see if this helps point to the issue. See this page for help on turning on additional logging. 

            In addition, you can also turn on the mail debug logs using the mail.debug system property to see what additional information is returned from the mail server when authenticating:

            To enable email logging for incoming and outgoing at the protocol level, add -Dmail.debug=true to the Jira startup parameters.

             

            I would suggest opening a support ticket if this doesn't help so that we can get more information on the error that you are seeing, view the logs and assist you further if following the setup guide does not help resolve your issue: https://confluence.atlassian.com/adminjiraserver/integrating-with-oauth-2-0-1013845729.html

            You can raise a support ticket at https://support.atlassian.com

            Thanks,

            Craig. 

            Craig Shannon added the comment above.

            Hi @Craig Shannon,

            We are configuring a Shared Mailbox with JSM. Our Microsoft AD team has granted delegated user access. However, our shared mailbox account doesn't have a password. Should we set the password? I can't seem to get this working at all. I can't even add the shared mailbox account to the project as a user.

            Shruti Sharma added the comment above.

            Hey,

            I have tested this with OAuth 2.0 and it should work. I have tested this on both Jira and JSM. When using a shared email address, set the username as the shared mailbox address in Jira or email field in JSM and authorize as the delegated user during the OAuth 2.0 authorization flow. The token will then be granted for the delegated user and access will be granted for the mail handlers.

            Thanks,
            Craig. 

            Craig Shannon added the comment above.

            Although it technically works to reset the password of a shared mailbox in O365 and log in directly with the shared mailbox credentials, this practice is discouraged by Microsoft. In the standard setting it is also against Microsoft licensing terms if the shared mailbox does not have a license assigned.

            Please reconsider implementing the authentication to a shared mailbox with a delegated account. Ideally implement this immediately with the OAuth2 authentication for IMAP.

            Jörg Rennefeld added the comment above.

            This should be fairly straightforward to implement by adding the property mail.$protocol.sasl.authorizationId to com.atlassian.mail.server.AbstractMailServer.setInitialProperties()
            (At least for Atlassian. ofc it would also need updates to the UI)

            Thomas Weißschuh added the comment above.
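
            The two identities these comments distinguish (the delegated account that authenticates, and the shared mailbox it acts as) are visible at the SASL layer. The following is an added example, not Jira or Atlassian code; the addresses are constructed, and whether a given mail server honours a PLAIN authorization identity is an assumption to verify against that server.

```python
"""SASL identities for delegated shared-mailbox access (added example)."""
import base64

def sasl_plain(authzid, authcid, password):
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd.

    authcid and password prove who is logging in (the delegate); authzid
    names the mailbox to act as (the shared mailbox)."""
    fields = (authzid, authcid, password)
    if any("\x00" in f for f in fields):
        raise ValueError("NUL is the field separator and cannot appear in a field")
    if not authcid or not password:
        raise ValueError("authentication id and password are required")
    return "\x00".join(fields).encode("utf-8")

def xoauth2(mailbox, access_token):
    """XOAUTH2 initial response: user=<mailbox> ^A auth=Bearer <token> ^A ^A."""
    if "\x01" in mailbox or "\x01" in access_token:
        raise ValueError("Ctrl-A is the field separator and cannot appear in a field")
    return f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")

def describe(mechanism, b64_line):
    """Decode a base64 AUTHENTICATE payload from a protocol trace, secrets omitted."""
    raw = base64.b64decode(b64_line, validate=True).decode("utf-8")
    if mechanism == "PLAIN":
        authzid, authcid, _secret = raw.split("\x00")
        # An empty authzid means "act as the identity that authenticated".
        return {"acts_as": authzid or authcid, "proves_identity_of": authcid}
    if mechanism == "XOAUTH2":
        pairs = dict(p.split("=", 1) for p in raw.split("\x01") if p)
        return {"acts_as": pairs["user"], "proves_identity_of": "token subject"}
    raise ValueError(f"unsupported mechanism: {mechanism}")

def authenticate(conn, mechanism, payload):
    """Send payload through imaplib, which base64-encodes the callback's return value."""
    return conn.authenticate(mechanism, lambda _challenge: payload)

# Constructed sample values, not taken from the issue.
SHARED = "shared@example.com"
DELEGATE = "svc-jira@example.com"
```

            With XOAUTH2 the `user=` field carries the shared mailbox address while the bearer token belongs to the delegated account, which matches the configuration described for the OAuth 2.0 flow.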

            Just want to add so it's clear, using the Service Desk Email Requests works with shared mailboxes.

            As Seth said, you need to go to the Office 365 Admin center and reset the password for the shared mailbox user.

            What I used:

            Protocol: SECURE IMAP
            Host: outlook.office365.com
            Port: 993

            Email address: sharedmailbox@mydomain.com

            Username: sharedmailbox@mydomain.com
            Password: (sharedmailbox user password)

            James Flavell added the comment above.

            Can confirm the above comment - Followed the same procedure and JIRA authenticated just fine. I left off the \mailbox-alias and just used the email address as the username.

            Brandon Hilk added the comment above.

            This now works fine using the shared mailbox credentials and secure IMAP as the protocol to access Office 365.

            To set the password for the shared mailbox user, you must go to the Admin Center -> Users -> Active Users and reset the password for the Shared Mailbox user. When you do that, specify the password, and uncheck 'Make this user change their password when they first sign in'.

            I put in the full email as user name, password as password, and my JIRA is now checking IMAP email successfully.

            Seth Everson added the comment above.

              Unassigned
              Carsten Beck-Astrup
              Votes: 10
              Watchers: 53