Trying to get OAuth2 set up before our basic is deprecated. And I'm running into an issue where when I submit the configuration with all the app registration information for an email account it just hangs on the loading screen. Opening dev tools shows an oauth2:msmail with a status code of 500. The setup worked fine from the main plugin getting admin accounts to use OAuth2. I even tried making a new app registration and no luck. Not sure where to start troubleshooting here.
OAuth2 getting a status code 500 when setting up
Here is what is filled out on the authorization page
KevinTheJedi
Will give that a try! Thanks for the lightning fast response!
There is a way to do it without deleting the email but it's more involved and requires changes in the database. This is just the easiest option.
Cheers.
KevinTheJedi
Okay making progress! Got past the loading screen now getting a Microsoft error. This screen shows after consenting on behalf of my organization.
Looks like it has trouble signing you in. Please reach out to your Global Admin or MS for further assistance. This is not an osTicket issue.
Cheers.
it-law-man
Made a new app registration and that seems to be working. Now it's giving an email mismatch. Do these accounts need temp admin? Could do a PIM role if needed, but tried to consent from my account with GA and getting this
Ah, okay. So, when you get redirected to MS you need to login as the email you are trying to configure in the helpdesk. This is very important and is specified in our documentation here:
Here it is very important to login to the email you are trying to configure in the helpdesk.
Cheers.
KevinTheJedi
So I had tried that, and since the account is not an admin I used my personal admin account to grant access and that is when I got that error. I gave the service account global admin and it seems to be working. However when removing global admin it stops working. Is GA really needed? Seems a bit excessive.
Most important thing is I now have a working solution so no more panicking about basic auth going away lol.
Thanks for all the help with this!
You do not need global admin. Have the global admin consent org-wide for the app under Registered Applications > Security > Permissions > Grant Admin Consent. After this your email user should be able to consent themselves.
Cheers.
KevinTheJedi
So weird. I had already done that and it still pops up asking for consent. Maybe I'm missing an api permission or something?
Wrong section, that's to grant consent for the permissions but to grant it tenant-wide you must go to the place I said above.
Cheers.
KevinTheJedi
Ahhhhh. Idk if this is tenant specific but I had to get there through enterprise apps (which shows app registrations as well). Only then did it show a security tab and the option to grant on behalf.
Sorry yea, my fault, I meant Enterprise Apps. They have so many tabs and such, hard to remember the right name.
Cheers.
KevinTheJedi
Lol I still get lost in their endless portals even being in them 8 hours a day!
Anyways thanks for all the help!
For anyone stumbling upon this later on. I still am unable to remove GA from these accounts, but I think that's more of an issue with MS and maybe our tenant specifically.