3/13/2023 0 Comments Davmail oktaIn Thunderbird, use OAuth2 only when it's necessary. I'm on a Linux laptop (Kubuntu) and don't integrate into AD/ADFS - no need for SaMBa, etc. "Have you tried setting up your device as a trusted device?" It would be great to be able to simply use 2FA and not be required to be on VPN. If VPN was down, then 2FA was required for security purposes. The organization preferred to use the Microsoft 2FA (Modern Auth) provided by O365. Nothing fancy, and no MAPI/OWA stuff in play.Ī solution was worked out to continue allowing use of the current options in Thunderbird, but required being on VPN to do so. "How do access outlook from Thunderbird?"Īccess is IMAP+SMTP and ExchangeCalendar with Lightning. The key factor comes down to authentication which is what this request is about. Organizations can, however, choose whether or not to enable POP3 and IMAP even with O365. Some integrations don't allow them but they're also an add-on cost IIRC. "Application passwords may not always work, but then I think POP3 and IMAP are also disabled and you need another protocol (MAPI, OWA?) to access your e-mail, which isn't supported yet by Thunderbird."Ĭorrect - Application Passwords are not always architecturally feasible with how ADFS works. ![]() Perhaps a good solution may be to create a plug-in interface for authentication so that extensions could be written to support various kinds of authentication, including the variety 2FA methods out there? Just a thought. ![]() It would just be really awesome to not have to do work arounds especially as more and more folks are moving towards O365 and 2FA. I was fortunate in that we had a non-insignificant group of folks using IMAP/SMTP so they worked out a solution via VPN. This would also help folks with convincing their organizations to enable IMAP/POP3 too. I'm not asking for native Outlook (MAPI/OWA) functionalities be integrated just Modern Auth capabilities. Whether Thunderbird does the browser integration method or directly auths against O365 doesn't really matter to me I'm just looking for a better authentication experience against O365 for services Thunderbird already supports, and extensions (f.e ExchangeCalendar) take advantage of. Other application (Slack Desktop, CryptZone AppGate) due so via a browser integration so that tokens can be re-used and the browser can manage the auth-session and thus maintain an SSO solution. It would have been really nice to have Thunderbird support the Microsoft 2FA Protocol (aka Modern Auth) directly which would have allowed things to just work. However, the organization wanted to use 2 Factor Authentication but did not have a configuration that allowed for using O365's Application Password capability (not available for every O365 integration) So the basic situation was that O365 Exchange had IMAP/SMTP enabled for use by Thunderbird, just like anything else MAPI/OWA protocols were required. NOTE: A solution where plug-in authors could provide authentication functionalities to support this would be excellent and would seem to be a proper solution to the issues raised in related discussions in. A work around is for companies to allow fall-back to non-2FA authentication but that is not very desirable and requires companies to make special arrangements for subsets of users to do this. NOTE: Due to Microsoft's pricing structure and features the Application Password functionality is not available to every O365 integration/deployment. This should be doable via either Thunderbird directly or via an account authentication plug-in infrastructure. ![]() NOTE: From my understanding in various Thunderbird plugin discussions (such as ) having a plug-in handle the authentication is not possible at least under the current design.ĭialog pop-up to interact with O365 in order to perform the 2FA authentication and get a token that Thunderbird can then re-use for the duration of the session. ![]() Setup an email account with O365 that has Microsoft's 2FA setup and does not allow Application Passwords (b/c it's not available for all integrations with O365).Īuthentication Denied as there is no ability to either pull a token from Firefox/Chrome, or perform the 2FA authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |