The Technical Support Agent (TSA)
Definition
The Technical Support Agent (TSA) is a monitoring tool that checks emails received in IT Support inboxes. Its role is to convert messages automatically to incidents, service requests, change requests, or events based on the instructions specified in the emails.
EndDefinition
- Instructions are specified using predefined variables.
- This may result in the creation of a new object or the update of an object described in the message.
- File attachments sent with the email can be attached to the object.
To access the inboxes, you must configure the protocol used by the email server depending on the selected authentication method.
Operating principle
1. The Technical Support Agent connects to the IT Support inboxes on a regular basis.
- Inboxes receiving user messages that report incidents or submit requests to IT Support
- Inboxes receiving automatically created events when a failure is detected for an equipment or configuration item (CI)
2. The Technical Support Agent retrieves emails from two sources.
- Emails sent by Service Manager, via approval workflow steps or wizards
- Emails sent by an external application via the email server
Emails from unknown senders may be redirected to another inbox to be manually processed by the Service Desk. Once the email contents have been checked, the Service Desk will process the email or delete it if it is spam.
3. The actions described in the email are automatically performed.
- A new object is created. Its category is the subject associated with the message. If this is not available, then it is the subject associated with the inbox.
or - The object described in the message is updated, e.g. fields passed in parameters are modified, tickets are put on hold, reopened or resolved, approval/rejection emails are processed, attachments are stored, etc.
The Technical Support Agent (AST) will perform the actions described in the email only if the email address of the sender and the email address of the requestor/recipient specified in the message are identical.
- This information is not modifiable.
- This principle ensures that a given user will not complete an action on behalf of another.
See the examples
4. The email is automatically deleted once it is processed in order to reduce the volume of the inbox.
Example
- An email is transmitted by a user to the mailbox for incidents of the IT support.
- Title: Description of the problem on my smartphone
- Message: Impossible to start the application. See the attached screen captures
Recipient / Requesting person : fleblanc@aef.com
@ASSET@='P04319'
@CODE_CATALOG@='Smartphone'
@DATE@='02/07/2022'
@URGENCY@='1'
Attached pieces: document.txt==> An incident is automatically generated dated 02/07/2022, with a High urgency, for the equipment P04319.
- The variable @CODE_CATALOG@ is completed: the default topic of the mailbox is replaced by the category Incidents/Equipment/Other Peripherals/Smartphone.
- The standard workflow Incident: Standard Process related to the category will automatically trigger.
- The attached piece document.txt is attached to the incident, and accessible via Documents tab.
- The message is sent from the email address, gsmith@aef.com.
==> The Technical Support Agent will not process the message received because the email address of the recipient, fleblanc@aef.com, is different from the email address of the sender, gsmith@aef.com.
Modern authentication based on OAuth 2.0
Modern authentication is based on OAuth 2.0 and is used with Office 365 and Microsoft Graph protocols. It requires an Azure AD application to be registered on the Microsoft Azure portal with the relevant permissions for using the Microsoft Graph Mail API. See the procedure.
API permissions are required to authorize the Azure AD application to access API resources.
- Application permissions for CC (Client Credentials) mode. This enables the Technical Support Agent to authenticate using its own credentials without any user interaction or consent (access without user sign-in).
- Delegated permissions for ROPC (Resource Owner Password Credentials) mode. This enables the Technical Support Agent to access the API via the consent granted by the user when signing in (access with user sign-in).
Permissions required by the Technical Support Agent in order to use the Microsoft Graph Mail API (modern authentication)
- Office 365 protocol:
- Only delegated permissions (ROPC mode)
- User.Read, IMAP.AccessAsUser.All, offline.access
- Microsoft Graph protocol:
- Degated permissions (ROPC mode) or application permissions (CC mode)
- User.Read, Mail.ReadWrite, offline.access and optionally Mail.ReadWrite.Shared
Notes
- Protocols not supported by the Technical Support Agent:
- Multifactor authentiication (MFA): sms, phone, mobile app
- Code d’autorisation OAuth avec écran de consentement
- For security reasons, the password and the client secret will not be displayed when you open an existing form. They are nevertheless stored in the database and it is not necessary to re-enter them.
- The Application ID (client), Directory ID (tenant) and Client Secret fields are dedicated to the modern authentication. The may not be displayed on the form. In this case, you have to add them manually on the form. See the detailed procedure.
- Update of the form processed by the Technical Support Agent:
- The topic and the message body are reported to the Description.
- The responses to the emails of Service Manager and the attachments can be attached to the object; then they can be accessed via the Documents tab in the forms (provided that you have enter the Technical Support Agent email adress in the other parameter {TSA} Support return email address).
- A log file allows checking the history of the operations executed by the service SmoServer.
- Predefined variables. See the list.
- They must to be placed between @ characters.
example Event generated at @DATE@ - Each value of the variable must to be put between apostrophes ' ' .
example @ASSET@='P04319' - If a variable includes several values, each one must be placed between curly brackets { }.
example @FIELDS_TO_UPDATE@={COMMENT=Internal Problem} {ASSET_TAG=ZS_010} - If the variable allowing to identify the object number is completed, the existing record is updated; otherwise a new record will be created.
example The incident @RFC_NUMBER@)='100622_000027' has been updated.
- They must to be placed between @ characters.
Caution
- When the Technical Support Agent is deactivated, the mailboxes will not be consulted any longer even if they are active.
- If you modify the inbox configuration from POP3 or IMAP protocol towards Microsoft Graph protocol, you must clear the content of the Password field to ensure that the Technical Support Agent will be able to connect the inbox and process the emails received.
- To prevent integration errors from the Technical Support Agent and the saturation of the hard-disk of the platform, you should create a mailbox to receive the different incident types and associate a default topic.
- To prevent out-of-office emails from inadvertently generating tickets, all messages whose header contains the following tags will systematically be rejected by the Technical Support Agent. Check that your email server is correctly configured.
- Auto-response messages:
- auto-submitted: auto-replied
- Report messages:
- content-Type: multipart/report
- disposition-notification
- delivery-status
- Auto-response messages:
- Html interpretations:
- Office 365 and Outlook Web Access (OWA) clients have limitations regarding Html interpretations. To make sure your emails are interpreted by all the email clients, respect the best practice.
- Only use ' character (right quotation mark) and never ‘ character (left quotation mark) in the body part of the approval/refusal emails.
Note: If you do a copy-paste from Word or Outlook, right quotation marks are automatically replaced by left quotation marks. You will have to replace them back to right quotation marks for them to be correctly interpreted.
- Microsoft has announced that it will stop support for basic authentication for IMAP and POP3 protocols in Exchange Online as of December 31, 2022. If you are using one of these configurations for your Technical Support Agent, connection to Office 365 inboxes will no longer be possible. You must modify the configuration and use OAuth 2.0 modern authentication.
See Microsoft - End of support date for Basic Authentication in Exchange Online.
Best Practice
- Associate a default topic of the different incident types quit general such as Incident Front Office. Once the message has been analyzed, the technical support has the possibility to re-qualify the incident more precisely (Example: Incidents / Equipment / Laptop / Battery).
- To ensure that the body part of the approval/refusal emails is correctly interpreted by all the email clients:
- Only use ' character (right quotation mark).
- Replace spaces by %20, except for the values of the predefined variables.
example- To approve ==> To%20approve
- 21/10/2022 14:30 ==> 21/10/2022 14:30
- Replace = characters by %3D.
- Replace quotation marks ' ' by %27.
example @CHOICE@='1' ==> @CHOICE@%3D%271%27
- To assist you with entering an approval/refusal email, you should use this CHA's Mailto Code Generator. See the procedure
Menu access
Administration > Parameters > Technical Support Agent
Screen description
Mailbox: Name of the inbox specific to IT Support.
Enable Active Mailbox Scan: Used to indicate if the inbox is active and can receive messages (
) or if it is inactive (
).
Type: Type of protocol used by the email server. The configuration of the Technical Support Agent depends on the selected protocol.
- Only the following protocols are supported by the Technical Support Agent.
- POP3: Basic authentication via a login and password.
- IMAP4: Basic authentication via a login and password.
- Office 365: XOAuth modern authentication for the IMAP4 protocol only in ROPC mode (delegated permissions). The protocol uses a secure SSL/TLS connection.
- Microsoft Graph: OAuth 2.0 modern authentication in ROPC mode (delegated permissions) and CC mode (application permissions). The protocol uses the Outlook REST API via the HTTPS protocol.
- Modern authentication based on OAuth (Office 365 and Microsoft Graph protocols) requires to register an Azure AD application on the Microsoft Azure portal with the relevant permissions for using the Microsoft Graph Mail API. See the procedure.
Read Interval (in Min): Frequency (in minutes) based on which the inbox is checked for new messages received.
Set an interval of five minutes minimum.
Mail Server: IP address of the email server.
- Office 365 protocol: This is outlook.office365.com.
- Microsoft Graph protocol: It is unspecified. It automatically uses the Microsoft server specific to the Microsoft Graph Mail API.
Port: Port number for accessing the email server.
Login/Password: Login and password for accessing the inbox.
- POP3 and IMAP4 protocols: These fields are required.
- Office 365 protocol: These fields are required.
- Microsoft Graph protocol:
- The login is required.
- The password is required for the ROPC mode (delegated permissions).
- The password must be empty for the CC mode (application permissions).
SSL/TLS: Used to indicate if the email server connection method is secured using an SSL (Secure Socket Layer) or TLS protocol (Transport Layer Security) () or not ().
- Office 365 protocol: Enabled .
- Microsoft Graph protocol: Disabled .
StartTLS: Used to indicate if the StartTLS protocol is used for the configuration of the Technical Support Agent () or not ().
- StartTLS protocol is used to secure a standard connection via TLS.
- It is mainly used with SMTP, IMAP and POP.
- It can run with both SSL and TLS.
Information required only for modern authentication
Notes:
- If these fields are not displayed, you have to add them manually on the form. See the detailed procedure.
- This information is retrieved from the Azure AD application that you must create beforehand. See the procedure.
- Application ID (client): Unique ID (GUID) of the Azure AD application in the Active Directory.
- Directory ID (tenant): Unique ID of the Active Directory in Microsoft Azure.
- Client Secret: Secret associated with the application ID.
- The secret is hidden using the * character to safeguard confidentiality.
- Office 365 protocol: The field is optional.
- Microsoft Graph protocol:
- The field is optional with the ROPC mode (delegated permissions).
- The field is required with the CC mode (application permissions).
Default Category: Default subject of the generated object.
Origin: Method by which the current object is reported to IT Support.
example Phone, email
Create Unknown Requestors: Used to indicate if senders of emails should be created if they do not exist in Service Manager (box is checked) or not (box is not checked).
- The existence of the sender is checked using the email address.
Redirect Unknown Emails to: Email address for redirecting emails if senders do not exist in Service Manager and if the automatic creation of unknown senders is disabled.
- Specify a Service Desk inbox for unknown emails, e.g. spam, instead of a Technical Support Agent inbox. The Service Desk can check this inbox on a regular basis to ensure that no valid IT Support request is ignored.
- To help the IT Support team identify these emails in the inbox easily, you can add a prefix to the subject of these emails in the Prefixing the Subject With field.
Procedures and Wizards
How to implement the Technical Support Agent
Prerequisites: Create an Azure AD application for modern authentication.
Modern authentication based on OAuth (Office 365 and Microsoft Graph protocols) requires to register an Azure AD application on the Microsoft Azure portal with the relevant permissions for using the Microsoft Graph Mail API.
See the procedure.
Step 1: Create the dedicated mailboxes.
1. Select Administration > Parameters > Technical Support Agent in the menu.
2. Click 
.
3. Select the default topic of the mailbox. This is an incidents/requests/events catalog entry.
4. Select the type of protocol. The properties to complete depen on the value you select.
Notes for a modern authentication:
- The Application ID (client), Directory ID (tenant) and Client Secret information are retrieve from the Azure AD application. See the detailed procedure.
- If you do not see these fields on the Technical Support Agent form, you should add them manually. See the detailed procedure.
- POP3 and IMAP protocols (basic authentication):
- Specify the Login / Password fields.
- Office 365 protocol (modern authentication based on XOAuth):
- Enable the SSL/TLS option ().
- Specify the Login / Password fields.
- Specify the Application ID (client) and Directory ID (tenant) fields.
- Specify the Client Secret field according to your needs.
- Enable the SSL/TLS option (
- Microsoft Graph protocol (modern authentication based on OAuth 2.0):
- Disable the SSL/TLS option ().
- Specify the Application ID (client) and Directory ID (tenant) fields.
- For the ROPC mode (delegated permissions):
- Specify the Client Secret field according to your needs.
- For the CC mode (application permissions):
- Clear the Password field.
- You must specify the Client secret field.
- Disable the SSL/TLS option (
5. Activate the mailbox by checking the Enable Active Mailbox Scan box.
6. Click 
.
7. Repeat these actions to create each mailbox dedicated to the process of incidents/requests/events.
Step 2: Enable the Technical Support Agent.
1. Launch the Enable / Disable wizard.
Step 3 (optional): Configure the telnet connection.
See Installation Guide > Troubleshooting POP3 connections.
Step 4: Configure EasyVista Monitoring.
1. Connect to Easyvista Monitoring: http://SERVEREZV/Monitoring/.
2. Select the page Easyvista SGBDR > Parameters > Edit table A_PARAMETERS.
3. Select the connection EZV_ADMIN (For SQL Server) or EVO_ADMIN (For Oracle).
4. Check and update if necessary the value of the parameter ASTSERVER in the section [OTHERS] (Not specified in a_parameter.ini).
- ASTSERVER = name NETBIOS (or IP or DNS name) of the system hosting the service SMO Server
- If there are several network interfaces, only use the IP address to which the service SMO Server listens.
5. Click Save Changes.
6. Re-start the service SMOServer.
Step 5: Configure the log file.
1. Open the smoserver.ini file on the application server.
2. Complete the Log_Typevariable = lt_All.
- As soon as a message is received in one of the mailboxes monitors by the Technical Support Agent, it is processed and then deleted automatically.
- The log file is automatically updated.
Step 6: Enter the Technical Support Agent email address to store elements in the Document tab.
1. Select Administration > Parameters > Other Parameters in the menu.
2. Select {TSA} Support return email address.
3. Run the Update wizard.
4. Enter the return email address. Note: This must correspond to one of the email accounts used by the Technical Support Agent.
5. Click Finish.
How to configure modern authentication for the Technical Support Agent
Step 1: Register an application on the Azure portal.
1. Create a new Azure AD application on the Azure portal.
See the detailed procedure
2. Retrieve the Azure AD application IDs required for configuring the Technical Support Agent.
- Copy the new Azure AD application ID from the Application (client) ID field on the Azure portal and paste it in the Application ID (client) field in the Technical Support Agent window.
- Copy the tenant ID from the Directory (tenant) ID) field on the Azure portal and paste it in the Directory ID (tenant) field in the Technical Support Agent window.
3. Retrieve the Azure AD application IDs required for configuring the Technical Support Agent.
- Create the client secret for the new Azure AD application. See the detailed procedure.
- Copy the client secret from the Value field in the Client Secrets section on the Azure portal and paste it in the Client Secret field in the Technical Support Agent window.
Step 2: Declare the user authorized to access the Azure AD application.
See the detailed procedure
1. Add a new user in the Azure AD application.
2. Declare the email address of the user authorized to access Technical Support Agent inbox. This is the one specified in the Login field in the Technical Support Agent window.
Step 3: Add the permissions for using the Microsoft Graph Mail API.
See the detailed procedure.
1. Add a permission for the Microsoft Graph Mail API (1) and select the type of permission required (2).
- Office 365 protocol: Only delegated permissions.
- Microsoft Graph protocol: Application permissions (CC mode) or delegated permissions (ROPC mode).
2. Select the permissions for using the Microsoft Graph Mail API depending on the protocol.
Note: The User.Read permission is granted by default.
- Office 365 protocol:
- User.Read: This enables the Technical Support Agent to authenticate.
- IMAP.AccessAsUser.All: This enables the Technical Support Agent to access emails in the inboxes.
- offline.access: This enables the Technical Support Agent to read and modify data in offline mode.
- Microsoft Graph protocol:
- User.Read: This enables the Technical Support Agent to authenticate.
- Mail.ReadWrite: This enables the Technical Support Agent to access emails in the inboxes. Note: This is simply a read/write access and does not include the right to send emails.
- Mail.ReadWrite.Shared (optional): This enables the Technical Support Agent to access emails in the shared inboxes
- offline.access: This enables the Technical Support Agent to read and modify data in offline mode.
Step 4: Grant administrator consent for permissions.
Note: You must have the relevant rights to perform the actions in this step. If this is not the case, you should ask the administrator of your tenant to grant consent.
- The Technical Support Agent can now access the dedicated inboxes and retrieve messages.
- Emails will be processed and imported as tickets into Service Manager.
How to configure an approval/refusal email
Approval/refusal emails are sent via validation steps workflow.
- The user can click on one of the two hyperlinks: Accepted / Refused.
- His response will be automatically sent to the Technical Support Agent via an email.
Step 1: Open the validation step workflow.
1. Go to the workflow.
The graphical editor will be opened.
2. Double click on the approval step.
Step 2: Enter the approval/refusal email.
1. Enter the mail address of the Technical Support Agent in the field Return address.
2. Specify the object reference in the field Subject.
Note: Use the @RFC_NUMBER@ predefined variable.
3. Enter the text of the email in the field Message.
- You should use the CHA's Mailto Code Generator tool. See the procedure.
- See the Best practice to enter the message.
- Click
to switch to Html mode. - Create the 2 hyperlinks by inserting the instructions defined below.
Accepted link
noreply@easyvista.com,%20you%20only%20click%20on%20the%20button%20d%27sending%20the%20email.%0ADo%20not%20change%20the%20text%20below%20%0A%0A@OPERATION@%3D%27SOLVE%27%0A@RFC_NUMBER@%3D%27S160824_000001%27%0A@CHOICE@%3D%271%27
{{/code}}
Refused link
mailto:noreply@easyvista.com?subject=Refused&body=To%20refuse%20the%20request,%20you%20only%20click%20on%20the%20button%20d%27sending%20the%20email.%0ADo%20not%20change%20the%20text%20below%20%0A%0A@OPERATION@%3D%27SOLVE%27%0A@RFC_NUMBER@%3D%27S160824_000001%27%0A@CHOICE@%3D%270%27
How to use the CHA's Mailto Code Generator
See CHA's Mailto Code Generator
Step 1: Enter the approval/refusal email.
1. Enter the recipients in the To, CC, BCC fields.
- Separate addresses with commas.
2. Enter the email subject in the Subject field.
3. Enter the email content in the Body area.
- Add the predefined variables depending on the process to carry out.
example Sending a solution email of an incident
@OPERATION@='SOLVE'
@RFC_NUMBER@='#RFC_NUMBER#'
@CHOICE@='1' pour une acceptation ou @CHOICE@='0' pour un refus _ou_ @CHOICE@='2' pour une demande d'information
4. Click Create URL.
Step 2: Test the email display in the inbox.
1. Click Test URL.
2. Make the necessary corrections.
Step 3: Copy the email in the validation step workflow.
1. Copy the generated URL in the Mailto URL area.
2. Go to the validation step workflow in the GUI Worfklow.
3. Switch in the Html mode via .
4. Paste the URL in the Message area.
Wizards
Predefined variables
- Objects types processed: incidents, service requests, change requests and events
- 2 variables identify the actions:
- @ACTION_ID@='#CURRENT_ACTION_ID#': Identifier of the current action
- @ACTION_ID@='#ACTION_ID#': Identifier of the previous action
| Action | Operation | Variable | Example | |||
|---|---|---|---|---|---|---|
| Creation |
|
|
||||
| Modification | UPDATE |
|
|
|||
| Reopening | RESTART |
|
|
|||
| Solution | SOLVE |
|
|
|||
| Storage of attached documents and the reply to the Service Manager emails |
|
|
||||
| On Hold | STOP |
|
|
|||