Table of Contents
1 Automated Gmail/Office365 media types
Overview
Gmail or Office365 users may benefit from automated features in media type configuration.
Configuration
The Email provider field in the email media type configuration allows to select pre-configured options for Gmail and Office 365.
When selecting the Gmail/Office365 related options, it is only required to supply the sender email address/password to create a working media type.
As soon as the email address/password is supplied, Zabbix will be able to automatically fill all required settings for Gmail/Office365 media types with the actual/recommended values, i.e., SMTP server, SMTP server port, SMTP helo, and Connection security. Because of this automation, these fields are not even shown, however, it is possible to see the SMTP server and email details in the media type list (see the Details column).
Note also that:
- The password is not required for the relay options.
- For Office365 relay, the domain name of the provided email address will be used to dynamically fill the SMTP server (i.e., replace "example.com" in
example-com.mail.protection.outlook.comwith the real value).
OAuth tokens
The retrieval of OAuth tokens has automated features for Gmail, Gmail relay and Office365 email providers.
It is only necessary to supply a limited set of parameters for OAuth access and refresh token retrieval - Redirection endpoint, Client ID and Client secret. Zabbix will automatically fill the other required values (see OAuth URL defaults by provider).
Note that it is also possible to use the Generic SMTP form for setting up OAuth authorization for these providers.
OAuth URL defaults by provider
The following table lists default OAuth URL values and parameters per provider that are used by Zabbix.
| Parameter | Gmail | Office365 | Generic SMTP | |
|---|---|---|---|---|
| Authorization endpoint | https://accounts.google.com/o/oauth2/v2/auth |
https://login.microsoftonline.com/common/oauth2/v2.0/authorize |
No default | |
| scope | https://mail.google.com |
https://outlook.office.com/SMTP.Send, offline_access |
No default | |
| access_type | offline |
Not used | No default | |
| prompt | consent |
Not used | No default | |
| redirect_uri | Value of Redirection endpoint field is added by code automatically. Not listed in Authorization endpoint parameters. | |||
| state | Unique hash to identify media being updated with OAuth token is added by code automatically. Not listed in Authorization endpoint parameters. | |||
| Token endpoint | https://oauth2.googleapis.com/token |
https://login.microsoftonline.com/common/oauth2/v2.0/token |
No default | |
| grant_type | authorization_code |
authorization_code |
No default | |
| redirect_uri | Value of Redirection endpoint field is added by code automatically. Not listed in Token endpoint parameters. | |||
| state | Unique hash to identify media being updated with OAuth token is added by code automatically. Not listed in Token endpoint parameters. | |||
Office365 workaround for personal accounts
Office365 personal accounts do not support query strings in the redirect URL.
To work around this issues the Apache web server administrator can add the following rewrite rule to the .htaccess file:
RewriteEngine On
RewriteRule ^/oauth\.authorize$ /zabbix.php?action=oauth.authorize [QSA,L,PT]This enables the use of a simplified redirect URL like:
http://server-name/zabbix/oauth.authorizeinstead of a URL with query parameters, ensuring compatibility with Office365 personal accounts.