New osTicket User Questions - Oauth2

dtigue

I have setup the departments and now I'm trying to get email setup for each department. Do I need to register a new application/token in Azure for each email address I'm using in osTicket or can I use the same token for multiple email accounts?

dtigue

I have a few follow up questions.

Can I delete the noreply and alert emails that are created automatically and still get the alerts in an email?
How do I create canned responses for me and my staff to use? I've searched every where in the Admin Portal and I do not see an option to create canned responses.
How do I enable the users to see the knowledge base articles. I haven't added any KB articles yet, but I did enable users to look through the knowledge base. However, when I go to the ticket portal I still only see an option to 'Open a Ticket' or 'View Ticket Status'.

Thanks for any help

KevinTheJedi

dtigue

To answer your question directly, you can typically reuse the application information (including secret, etc.) for your emails. Which emails/accounts can use this information and application would depend on how you registered the application. For example, if using O365 (Entra ID - formerly "Azure Active Directory") and you choose "Single Tenant" the only emails that can use the application information would be the ones under the tenant you registered the application under.

Of course; they are just examples auto-generated during install.
It’s not in the Admin Panel, it’s in the Agent Panel. Just make sure you enable the "Enable Canned Responses" setting under Admin Panel > Settings > Knowledgebase so Agents can use them.
First you need to enable the setting called "Enable Knowledge Base" under Admin Panel > Settings > Knowledgebase. Then you need to add FAQ Categories and FAQs.

Cheers.

dtigue

KevinTheJedi - Thanks for the response. So far the osTicket system has been a dream come true for my team. However, I do have one small issue. Since we went live with he site we have been getting hammered with excessive login attempts. I've looked but I'm not seeing a way to ban specific IP addresses or regions. Is this possible? Also, if not, could we get this added as a feature request. My support site can barely run due to the excessive login attempts. We went live today at 8AM CST and I have gotten about 500 emails since that time all warning me about excessive login attempts. I have set a limit on how many time you can try to login, and how long it will keep you blocked but eventually this time runs out and the bad actors start attempting to brute force their way in again.

Please tell me there is a way to fix this issue. Thanks!

KevinTheJedi

dtigue

As ntozier said this is best done at the web server level; not the application level. If you do it at the web server level you can avoid DDOS attacks and other similar attacks more effectively.

Also as ntozier said we do have the ACL feature but you have to define each IP address you want to allow manually; we do not accept IP blocks, etc.

Cheers.

ntozier

I personally feel that this would be better done at the webserver or firewall level.

But if everyone who has to access it is internal you can always set Admin panel -> Settings -> System, scroll down to ACL.