Using Connect action in Email package

Use the Connect action in the Email package to establish a connection with an email server. This is the first action you must use to automate an email-related task.

Prerequisites

You can use OAuth 2.0 to authenticate with the email server for email automation. Based on your email service provider, perform the relevant steps:
  • Outlook/Office 365

    The videos in the following playlist provides information about configuring and using OAuth 2.0 authentication in the Email Connect action:

    Note: If the mailbox is used inside a Loop action, ensure that you register the user who is assigned to perform the automation. For more information , see Manage users and groups assignment to an application.
  • Gmail
    • If you use the Authorization code with PKCE authentication mode, then perform the following steps:
      1. Configure the OAuth 2.0 settings in the Google Cloud Platform (GCP) and retrieve the necessary credentials to connect Automation 360 with your Google Workspace applications.
      2. Ensure you create a project.

        See create a project.

      3. Generate the Client ID and Client secret.
        See Setting up OAuth 2.0.
        Note:
        • Select the Web application option.
        • Add this authorized redirect URI: http://localhost:8888/Callback.
      4. Complete the steps to set up user consent for the username that you will use to connect to the Automation 360.
    • If you use Control Room managed authentication mode, then perform the following steps:
      Important: Email package currently supports the Control Room managed Oauth option for the OAuth connections based on Authorization Code Flow only.
      1. Configure the OAuth 2.0 settings in the Google Cloud Platform (GCP) and retrieve the necessary credentials to connect Automation 360 with your Google Workspace applications.
      2. Ensure you create a project.

        See create a project.

      3. Generate the Client ID and Client secret.
        See Setting up OAuth 2.0.
        Note:
        • Select the Web application option.
        • To add the authorized redirect URI, perform the following steps:
          1. Log in to the Control Room as an administrator or any user with Manage connections and View connections permissions and navigate to Manage > OAuth connections.
          2. Click Create connection tab and select Custom option from the Provider type field.
          3. Copy the Callback URL and navigate back to the Client application page in Google Cloud Console.
          4. Click + ADD URI button under Authorized Redirect URIs and paste the URI in the URIs field.
          5. Click Create.

          To learn how to create an OAuth connection in the Control Room, see Create OAuth connection.

      4. Complete the steps to set up user consent for the username that you will use to connect to the Automation 360.
Note:
  • Client Credentials flow does not support Gmail.
  • The Client Credentials and Authorization code with PKCE authentication modes do not support Yahoo and MSN mail servers.
Recommended: If you want to use both the authentication modes (Client credentials and Authorization code with PKCE), you must register on two separate applications.
Note: When you connect to an Exchange Web Services server, multi-factor authentication (MFA) must be disabled, including in all organizational level security policies where MFA might be enabled. If MFA is not disabled completely, users can encounter connection or authorization errors. However, if you still want to use MFA, review the information in this article (be aware that a successful connection is not guaranteed:

Multi-factor authentication for Azure EWS (A-people login required)

This action enables you to provide the email server credentials and details, and associate this information with a session name. Use this same session name for the other Email actions, so you only have to provide the server information once.

Procedure

To establish a connection with an email server, follow these steps:

  1. In the Actions palette, double-click or drag the Connect action from the Email package.
  2. Enter a session name.
  3. In the Outlook,Email server, or EWS option, specify whether you want to establish a connection with Microsoft Outlook or a mail server.
    Note:
    • When you connect with the EWS server and use Loop action to retrieve all the emails from the email server, and if the email subject contains the following characters, the bot fails to execute and displays an error message.
      • Control characters
        • Range: 0x00 - 0x08 (except 0x09 - Horizontal Tab) and 0x0B - 0x0C (except 0x0A - Line Feed and 0x0D - Carriage Return)
        • Hexadecimal values: 0x00-0x08, 0x0B-0x0C, 0x0E-0x1F
      • High surrogate and low surrogate pairs
        • Range: 0xD800 - 0xDFFF
        • Hexadecimal values: 0xD800 - 0xDFFF
      • Non-character code points
        • Range: 0xFDD0 - 0xFDEF, 0xFFFE - 0xFFFF
        • Hexadecimal values: 0xFDD0 - 0xFDEF, 0xFFFE - 0xFFFF
      • Restricted ranges
        • Range: 0x1FFFE - 0x1FFFF, 0x2FFFE - 0x2FFFF, 0x3FFFE - 0x3FFFF, 0x4FFFE - 0x4FFFF, 0x5FFFE - 0x5FFFF, 0x6FFFE - 0x6FFFF, 0x7FFFE - 0x7FFFF, 0x8FFFE - 0x8FFFF, 0x9FFFE - 0x9FFFF, 0xAFFFE - 0xAFFFF, 0xBFFFE - 0xBFFFF, 0xCFFFE - 0xCFFFF, 0xDFFFE - 0xDFFFF, 0xEFFFE - 0xEFFFF, 0xFFFFE - 0xFFFFF, 0x10FFFE - 0x10FFFF
        • Hexadecimal values: 0x1FFFE - 0x1FFFF, 0x2FFFE - 0x2FFFF, 0x3FFFE - 0x3FFFF, 0x4FFFE - 0x4FFFF, 0x5FFFE - 0x5FFFF, 0x6FFFE - 0x6FFFF, 0x7FFFE - 0x7FFFF, 0x8FFFE - 0x8FFFF, 0x9FFFE - 0x9FFFF, 0xAFFFE - 0xAFFFF, 0xBFFFE - 0xBFFFF, 0xCFFFE - 0xCFFFF, 0xDFFFE - 0xDFFFF, 0xEFFFE - 0xEFFFF, 0xFFFFE - 0xFFFFF, 0x10FFFE - 0x10FFFF

          Workaround: You can use Microsoft Outlook or Email server to perform this operation. However, we recommend that you use the Microsoft 365 Outlook package, as Microsoft has announced EOL for the EWS APIs that are used to connect to Exchange Online. See, Deprecation of EWS APIs in Exchange Online

    • When you establish a connection with Microsoft Outlook, email messages are processed from the shared mailbox. Ensure that you have set up the shared mailbox in your Outlook application.
      • This feature is supported only for Outlook.
      • You can select only one mailbox from the list of mailboxes in the shared mailbox.
      • The meeting invitation is not read in Outlook because the bot does not select calendar invites as email objects. This feature is not currently supported.
    • If you have selected the Outlook option, you do not need to provide any additional details.

      You can use variable option to specify the email address to which you want to connect.

    • If you have selected the Email server option, complete the following fields:
      Note: For information about the host and port to be used for the various mail servers, see Email server settings.
      • Use secure connection (SSL/TLS): Select this option if you want to use a secure connection with the mail server.
      • Host: Enter the name of the mail server.
        Note: This field is not case-sensitive.
      • Port: Enter the port number of the server.
      • Protocol: Select either IMAP or POP3 protocol.
        Note: Regex is supported for IMAP protocol and reads emails from all subfolders under Inbox.
      • Authentication mode: Choose from the following authentication modes:
        • Basic: Uses the username and password.
        • OAuth2 – Authorization code with PKCE: See Microsoft identity platform and OAuth 2.0 authorization code flow

          For more information on how to set up application in Azure to use OAuth Authorization Code with PKCE Flow for Mail Server, see How to setup App in Azure and Exchange Online to use OAuth 2.0 Client Credentials Flow for IMAP/POP3 Mail Server (A-People login required).

        • OAuth2 – Client credentials: See Microsoft identity platform and the OAuth 2.0 client credentials flow

          For more information on how to set up an application in Azure to use OAuth 2.0 Client Credentials Flow for IMAP/POP3 Mail Server, see How to setup App in Azure and Exchange Online to use OAuth 2.0 Client Credentials Flow for IMAP/POP3 Mail Server (A-People login required).

        • Control Room managed
          To use Control Room managed OAuth2 mode of authentication to automate Gmail, you must configure the OAuth connection in the Control Room. See Create OAuth connection.
          Note: Control Room OAuth Managed supports only Gmail and not Outlook client.

          Update the information in the following fields:

          • Connection: Click the Pick button to select a connection type.
          • Select Custom in the Provider type field.

          • Select the connection name that you set up in the Control Room for Google Workspace apps.

          • Use the Token type field to select one of the following options:

            For information about the Google Workspace application access and refresh tokens, see Configure enterprise applications

            • Shared: Select this option when the OAuth2 access token is shared for all users running the automation.
              Note: This option requires the Control Room administrator or any user (with Manage connections and View connections options enabled for the OAUTH CONNECTIONS) to set up an OAuth connection in the Control Room. Save the login credentials one time to generate a shared access token that can be used by all users running the automation.
            • User-specific: Select this option when the OAuth2 access token is specific to each user running the automation.
              Note: This option requires the Control Room administrator or any user (with Manage connections and View connections options enabled for the OAUTH CONNECTIONS) to set up an OAuth connection in the Control Room. Ensure you do not save the login credentials so that each user running the automation can provide their login credentials and generate an access token that can only be used by that specific user.
            • Click Confirm.
          Note: When you use User-specific option, you must log in to your Google account to authenticate and generate a user-specific token. Perform the following steps to use this option:
          1. In the Control Room, navigate to your profile My settings > OAuth connections.
          2. Click Login to authenticate.
          3. Sign in to your Google account and select Continue.
          4. Verify the services you have access to and Click Continue.

            If the connection is succeeded, it will display the status as Active.

        Depending on the authentication mode that you selected, you must specify the details in the following fields as applicable.
        • Username: Enter the username that you want to use to access the mail server.

          For example, john.smith@myCompanyName.com

        • Password: Enter the password for the username you provided.
        • For Client ID, Tenant ID, Redirect URI, and Client secret fields, enter the information that is provided for your account on your Azure portal.
        • Email provider: Select your email service provider from the drop-down list.
          • Outlook/Office365

            If you select this option, then provide the Tenant ID.

          • Gmail
        For Username, Password, Tenant ID, Client ID, and Client secret fields, choose from Credential, Variable, or Insecure string tab:
        • Credential: Use a value available in the credential vault.
        • Variable: Use a user-defined variable that stores the values.
        • Insecure string: Manually enter a value.
    • If you have selected the EWS option, complete the following fields:
      • Exchange Version: Select the version that your organization is using:
        • Exchange Server 2013
        • Exchange2010_SP2
        • Exchange2010_SP1
        • Exchange2010
        • Exchange2007_SP1
      • Azure cloud: Select the product that your organization is using:
        • Azure Global: For customers of Microsoft 365 Commercial version (login.microsoftonline.com)
        • Azure US GCC High: For customers of Microsoft 365 Government version (login.microsoftonline.us)
      • Optional: Domain name:
        • If you are a Microsoft 365 customer and you leave this field blank, Automation Workspace uses smtp.office365.com to connect to the server.
        • If you are an Microsoft 365 customer and you have entered a domain name in the username field, you must enter smtp.office365.com in this field.
        • If you are not an Microsoft 365 customer, enter the domain name of your organization. Otherwise, Automation Workspace uses the domain name you provided in the Username field.
      • Authentication mode: Choose from the following authentication modes:
        Note: From Automation 360v.27 or later, the authorization type OAuth2-Silent authentication mode is renamed to OAuth2-ROPC, and the OAuth2-Interactive authentication mode is renamed to OAuth2-Implicit.

        If you have trouble connecting to shared mailbox using EWS, see Unable to connect to shared mailbox using EWS error (A-People login required).

        Depending on the authentication mode that you selected, you must specify the details in the following fields as applicable.
        • Username: Enter the username that you want to use to access the mail server.

          For example, john.smith@myCompanyName.com

        • Password: Enter the password for the username you provided.
        • For Client ID, Tenant ID, Redirect URI, and Client secret fields, enter the information that is provided for your account on your Azure portal.
        • Test connection: Click Test connection to sign in to your account, accept the permissions requested to authenticate, and establish a connection with the server.
          Note:
          • When you perform a desktop operation and click Test connection, variables such as (Credential, Credential variable, or Sting variables) are currently not supported.
          • When you perform desktop operation and click Test connection to sign in to your account, then add this redirect URI: https://outlook.office365.com
        For Username, Password, Tenant ID, Client ID, and Client secret fields, choose from Credential, Variable, or Insecure string tab:
        • Credential: Use a value available in the credential vault.
        • Variable: Use a user-defined variable that stores the values.
        • Insecure string: Manually enter a value.
  4. Click Save.