How to Authorize Sync Engine in Corporate Office 365 / Azure Settings¶
Revenue Inbox Sync is ready to be connected to any supported email server out of the box. Similarly to RI Add-In installed for end users’ mail accounts, it is a server app that requires specific server-side permissions to run for individual users. Specifically, security policies configuration established in a company’s Office 365 / Azure infrastructure should explicitly allow the app to run; that can be ensured by the local Administrator via Microsoft 365 Admin center and Azure Active Directory.
This troubleshooting article addresses the three common issues which may prevent RI Sync engine’s functioning on server side.
I. Check your corporate firewall configuration¶
See this article for complete information on how to do that.
II. Adjust Azure server Enterprise Applications configuration¶
Steps how to do that:
1. Log in to the Azure management portal https://portal.azure.com with Admin credentials
2. Click on All services in the Main menu
3. Select the directory you are using for the Revenue Inbox server app
4. Click on the Enterprise applications tab
5. Select the application from the list of applications associated with this directory
6. Click the Properties tab
7. Change the Enabled for users to sign-in? toggle to Yes
8. It is also recommended (but not required) to enable the User assignment required? toggle; this allows the end users to authorize Revenue Inbox sync independently from the Admin
9. Click the Save button at the top of the page
10. In addition, check whether the Revenue Inbox application with the ID indicated in the error notification you got is on the list of applications (added/whitelisted/allowed for users to be assigned).
III. To resolve the “You can’t access this application” error on users authentication via a service account¶
If you get an error notification containing the message “Revenue Inbox needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it” or a status code AADSTS90094, you need to adjust your Office 365 settings to allow the end users to sign in to apps like Revenue Inbox Sync.
Why does this error occur?¶
The most common cause is when the end users have no permission to confirm OAuth consent screens for an application, unless they have Admin rights within your Office 365 tenant. Enterprise apps like Revenue Inbox use OAuth as a more secure way to authorize scoped access to your Office 365 tenant email and calendar data with a username and password. Learn more about service principals and Enterprise app permissions here.