This document and guide will assist you in configuring Email Integration within Naverisk. Email integration allows you to link correspondence to associated support tickets.
IMPORTANT NOTES: We strongly recommend a separate POP mailbox solely for this purpose. Naverisk Version 2022R2 or higher does support Microsoft 365 OAuth connectivity. (See Section Connection 365 accounts)
When saving your integration please hit Save twice to confirm the changes synchronize. Failure to save twice may leave integration unusable
1.0 Prerequisites
1.1 Dedicated POP Mailbox
To set up Email to Ticket Parsing, Create a dedicated POP mailbox to receive emails. Naverisk will frequently check the mailbox and turn any emails in that mailbox to Naverisk Tickets.
Using Email Rules, Naverisk can interpret these emails and automatically assign them an SLA Class, and SLA Status.
Please note:- The mailbox should be clean of mail as it will pull in all mail when it connects.
1.2 Make sure Naverisk can send Emails
To ensure that Naverisk can send emails successfully, first make sure that there is an SMTP server setup for Naverisk to use. It is recommended to use a local SMTP server which permits mail relays from the IP address of the Site Controller.
Please refer to the Site-Controller-Guide under the chapter labelled ‘Add SMTP Server’ for step-by-step instructions on how to set this up.
PLEASE NOTE if using server 2022 or higher, you will be unable to use the local SMTP service on the same server as this feature has been removed by Microsoft. Please use Office 365, Gmail a or similar service with relaying enabled.
After setting up the SMTP server, navigate to Settings > System Settings and enter the connection information for the SMTP gateway address and credentials.
Send a Test Email after to verify that Naverisk can successfully send emails.
2.0 How to Set Up Naverisk Email Integration with POP Account
2.1 Setting up a POP Mailbox
Navigate to Settings > Email Integration and click the New Email Integration Rule on the top-level Client.
Enter the email address and connection details of a specific POP Mailbox.
Image is from pre 2022R2
Image is post 2022R2
The first 10 fields are used to configure the collector that Naverisk will be checking for tickets.
The Default SLA Class, Default SLA Status and Default Ticket Source are mandatory fields used to populate ticket attributes on the generated Naverisk ticket.
2.2 Configuring Mail Fetching with MFA Enabled (Non MS 365)
Many mail providers now use MFA\2FA authentication for secure email. If MFA\2FA is required then Naverisk can still connect to your account via an App Password
This is a secure, auto-generated password for the email account.
Please Note:- That from June 30th 2022 Google require you to use 2FA and an App Password by default. Please see attached guides.
To configure an Application Password, please refer to the Microsoft and Google guides below. Note that while an Application Password can be used for multiple applications, we strongly recommend creating a unique Application Password for Naverisk.
Once you have created the Application Password, enter this password into the Password field in the Naverisk Mail Integration Rule setup.
Important: Do not use your mail account password
3.0 How to Set Up Naverisk Email Integration with MS 365 Account (Post 2022.R2 Release)
IMPORTANT:- If you are a Cloud Customer please skip to section 3.1
Before proceeding please remove any previous integrations. You may also need to be Global Admin in Azure to “Consent on behalf of the company” this to approve the app registration.
The first step is you must create an app registration in your azure portal.
Login into azure and go to app registrations
2. Give the registration a name and then choose your account type.
Nb if you choose single tenant you will need add the below line to your config file asper section 5.
<add key="MicrosoftIdentityProvider_TenantId" value=""/>
The value is the directory tenant ID value. See below image
3. Click on Authentication and choose Web
4. Add the URL of your website and save
The URL should look like below, with your Naverisk web address at the beginning and /Webservices/AuthenticationIntegration.asmx/AuthenticationRedirect after.
5. Go to Certificates & Secrets and add a client secret. Choose the expiry date of the secret. Once done save
Important make sure you keep note of the listed keys you will need to add these to the config file. The generated value called "Value" will be used as the "MicrosoftIdentityProvider_ClientSecret" in the next step.
Edit the config in
C:\Program Files (x86)\Naverisk\SiteController\NaveriskSiteController.exe.config
adding the below keys into the <AppSettings> section.
Make sure to update them with the ClientID (from Office365 Overview -> Application (client) ID) and ClientSecret that you generated above (the generated value called "Value"):
<!-- Microsoft Keys added for O365 Integration -->
<add key="MicrosoftIdentityProvider_ClientId" value="87f10a8c-***********" />
<add key="MicrosoftIdentityProvider_ClientSecret" value="04-8Q~**************************" />
<add key="MicrosoftIdentityProvider_CacheFilenamePrefix" value="identity_client_cache" />
<add key="MicrosoftIdentityProvider_CacheDirectory" value="MicrosoftIdentityCache" />
Once the keys have been added and saved, you will need to restart your NaveriskSiteController service for them to take effect.
Note: If you need to find Client ID this is in the Overview tab as per the image below
see Application (client) ID
If you need to find your Secret ID this can be found in the Certificates and Secrets tab as per the image below.
3.1 Setting up a Mailbox
Navigate to Settings > Email Integration and click the New Email Integration Rule on the top-level Client
2. Choose Microsoft 365 from the drop down menu as above and then enter the details as required.
Please note, The Default SLA Class, Default SLA Status, and Default Ticket Source are mandatory fields used to populate ticket attributes on the generated Naverisk ticket.
Click on connect and you will be prompted to enter your 365 email address
Enter your password and if prompted your MFA authorization.
Once completed your account will show in the email address such as below, and you can then save the integration
Please Note: if you get an error or something like the below then you need to go to your account in 365 and activate the secondary authentication before proceeding.
Make sure to press Save button on the New Email Integration Rule pop up window AND ON THE MIDDLE of the Email Integration page as well.
3.2 How to Set Up Naverisk Email Integration with OAuth 2.0 and a Google Account (2022.R3 Release)
IMPORTANT:- If you are a Cloud Customer please skip to section 3.2.2
3.2.1 The first step is to configure your account within google.
Here is a quick link to the Google Console
Please use the guide below to help create the account.
https://support.google.com/cloud/answer/6158849?hl=en#zippy=%2Cuser-consent%2Cpublic-and-internal-applications
Go to the Google Cloud Platform Console.
From the projects list, select a project or create a new one.
If the APIs & services page isn't already open, open the console left side menu and select APIs & services.
Note - add and enable the Gmail API to your project
If this is your first time creating a client ID, you can also configure your consent screen by clicking Consent Screen. (The following procedure explains how to set up the Consent screen.) You won't be prompted to configure the consent screen after you do it the first time.
Note - Select External user type and click CREATE
Enter App Name
Enter Support Email (must be gmail mailbox)
Add a domain - use the one on your Naverisk URL (ex: naverisk.com)
Enter contact information
Add scopes to your Oauth Consent
Manually add https://mail.google.com to the table
Select the following 3 scope
.../auth/userinfo.email
.../auth/userinfo.profile
Click update
Add Test Users
enter the Gmail mailbox used for the email integration in Naverisk as a Test User in your Oauth constent form
Click SAVE AND CONTINUE
On the left, click Credentials.
Click New Credentials, then select OAuth client ID.
Note: If you're unsure whether OAuth 2.0 is appropriate for your project, select Help me choose and follow the instructions to pick the right credentials.
Select the appropriate application type for your project and enter any additional information required. Application types are described in more detail in the following sections.
Add authorized redirect URLs:
Enter your Naverisk URL with /Webservices/AuthenticationIntegration.asmx/AuthenticationRedirect after
Click Create client ID
Google will provide you with a Client ID and Client Secret as you will need them to update the Naverisk config file
Open the naverisksitecontroller.exe.config file to add the Google config item in the app setting
Typically, this file will be found in the site controller folder: Program File x86 > Site Controller
3.2.2 Once you have created your google account, within Naverisk, choose Google from the dropdown menu as shown below and then enter the details as required.
Click on connect and you will be prompted to enter your google email address
Enter your password and if prompted your MFA authorization.
Once completed your account will show in the email address, and you can then save the integration.
3.3 Certificate Expiry (Important)
Please take note of when your certificate is due to expire. If you let it expire you may not be able to renew and will need to re-create and re-add to all settings. We suggest creating a scheduled ticket to remind you or your team to renew it.
If the certificate has been allowed to expire, then this process should help you reset your connection after you have renewed the certificate in Azure:
Stop Naverisk services.
Backup C:\Program Files (x86)\Naverisk\SiteController\NaveriskSiteController.exe.config
Edit C:\Program Files (x86)\Naverisk\SiteController\NaveriskSiteController.exe.config and update the relevant keys in the <AppSettings> section with the new secret/details for the app registration:
Restart Naverisk services
4.0 Configuring Email Settings
Below is the email to ticket route followed by the Naverisk integration (Naverisk 2023 R1 onwards):
First, Naverisk will check emails subject line of email sent to the integration dedicated mailbox for a matching client and ticket number:
Assigned and unassigned tickets will remain open, and emails are added as a note to matched tickets,
Closed tickets are re-opened and the email is added as a note to matched ticket,
Archived tickets remain archived and new tickets is created against the same client,
Matched tickets of disabled clients will create new tickets in the email integration’s client.
Then, Naverisk will check the email integration's "Allow Mail from Domains/Addresses" field for email addresses and/or domains whitelist (see 4.2):
Emails matching listed email addresses will create new tickets against the email integration’s client,
Emails matching the listed domains will create new tickets against the email integration’s client.
Then, Naverisk will check if the email sender is already a known contact:
Emails of known contacts will create new tickets against the contacts client.
Finally, if an email sent to the integration dedicated mailbox is unmatched, Naverisk will create a ticket in the email integration's client:
Catch all rule – all other emails will create new tickets in the email integration’s client.
4.1 Alert recipients
Naverisk can send Alerts to dedicated persons, teams or distribution groups. Enter their email address in the textbox for Alert Recipients.
4.2 Allow Mail from Domains/Addresses
This will only need to be set up for sub Clients and not the Parent Client. This allows emails that are sent in by these sub Clients to be automatically mapped to the correct Client when creating a Ticket.
The format for this will be the email domain without the ’@’ symbol.
In the response email template enter SupportEmailAcknowledge.template to have a non-Client-specific acknowledgement email sent out upon logging of a support ticket.
We have also included a couple of alternate template designs. For some variation please try the new templates: SupportAcknowledgeExample1.template or SupportAcknowledgeExample2.template
The Response Email Address does not have to be the address of an existing mailbox. If an address is specified in this field then the acknowledgement email will appear to originate from this address.
To test the Email Integration, send a test email to any email addresses that have been configured for Naverisk to monitor.
If these mailboxes are working correctly and the Email Integration is working, a Ticket will be logged in the Naverisk Console matching the test email.
4.3 Configure Naverisk for Client-Specific Email Integration
In addition to setting up Email Integration, set up Naverisk so that support requests from a Client’s domain create support tickets which are automatically associated with that Client. To do this, follow the steps below:
Navigate to Settings > Email Integration and edit each sub Client.
For each sub Client, specify the field labelled ‘Allow Mail from Domains/Addresses’. Populate this with the Domains used by the sub Clients (i.e. Client1.com).
3. When tickets are logged from email address belonging to these domains they will be associated with the correct Client in the Naverisk Tickets Tab.
4.4 Notifications for Email Integration
Alerts for Email Integration are handled differently than Alerts raised automatically by Agent Monitoring.
To have Notifications sent to a specific email account or distribution group when a Support Ticket is logged via email, just populate the ‘Alert Recipients’ field with the email address that notifications should send to.
If there are a number of recipients for this Notification, then the use of a Distribution Group is recommended. Note that this is for alerting engineers, not for alerting a Client.
4.5 Configuring Email Acknowledgements
In the example above, there are two fields labelled ‘Response Email Template’ and ‘Response Email Address’. These are used to define the Email Template sent out to Clients and what address that email will originate from.
The Email Templates are located on the Naverisk Site Controller within the folder ‘C:\Program Files (x86)\naverisk\SiteController\EmailTemplates’ by default and can be edited to match your business requirements.
The following example uses a customized template and illustrates what End Users can expect to see as a result:
This is what End Users would see after submitting a Support Ticket by email:
4.6 Email Cut-Off Functionality
When receiving emails from your customers that generate support tickets, each email that is bridged will also include the signature in most cases. Naverisk has implemented a feature where you can cut off an email at a certain point, for example, the signature in emails. This ensures that a ticket only includes the most relevant information and not the noise from signatures.
To implement this feature, navigate to the Settings tab > Clients & Licensing and take note of the Email cut-off at:
We have this configured to use the beginning of our support email footers and cut off anything else in the email from there.
This means that the signature and anything that follows are not included in the ticket when the email is bridged.
For example, this is what the email looks like when it's about to be sent through Outlook:
The below image is what the Ticket Note will look like in your Naverisk portal when it has been bridged and has the email cut-off functionality configured:
Using the Default Waterline text as per the below screenshot:
This will cut off everything in the email from the generated line in every email. An example of the Waterline Text is included below:
5.0 Emailing Directly from Support Tickets
Users can email directly from Tickets. Edit Ticket and select the Activity tab and click Public Reply.
This opens the email editor (HTML). From 2022R2, by default, email recipients of the last email sent or received will be populated in the TOs and CCs fields as public replies.
Additional recipients can be added by clicking on the + icon on the right. You can also type email addresses directly into the address field. The editor supports formatted (HTML) email including fonts, colour, tables and hyperlinks.
The Canned Text button allows pre-defined email text to be inserted.
The History button inserts ticket history entries.
The Files button is used to attach documents or files to the email, or to insert images inline into the email text.
An explanation of the To and From field (where they are derived from) follows.
To: This is populated based on the Client and Contact Person associated with the Support Ticket.
From: This is populated based on the User assigned to the Ticket. But is customizable.
Note: To set a default From address to be used regardless of User assigned to the Ticket, edit the Response Email Address for your Parent Client under Settings > Email Integration.
6.0 Customizing Naverisk Email Alerts
Things you need to know about customizing your Templates.
There are different ways to use templates You can use the prebuilt ones or follow the steps below to build your own.
Onsite systems: Have the option of editing/replacing the Email Templates in the Naverisk Server location in directory C:\Program Files (x86)\Naverisk\SiteController\EmailTemplates
Cloud systems: Built-in called Email templates from the settings page
Below is the IncidentNew.template as an example for configuration:
The first line is used as the Subject of the email, the rest is shown on the Body of the email.
You can arrange the Template in an order and format of your choice, you can also remove/add lines to the Template to include/exclude information.
You can change the Template anytime without restarting any Naverisk Services.
Make sure to back up the Customized Email Templates as it will be overwritten once an Upgrade is made.
6.1 Template Customization
The following are the relevant Fields that can be included in the Template: Incidents Template
IncidentNew.template
IncidentAddedNotes.template
IncidentReopened.template
IncidentOwnerChanged.template
IncidentSLAChanged.template
IncidentClosed.template
Below are the parameters that you can use in you Template, these can be used in the Subject Line of the Alert which will be used in the first line on the Template, or they can be used for the body of the Email Template.
For some example ideas on how you could set up your templates, we have preloaded the system with some examples. Please refer to SupportAcknowledgeExample1.template and SupportAcknowledgeExample2.template
6.2 HTML Template Customization
Naverisk has the ability to send HTML coded templates for delivery.
For our Onsite customers, this will require a Site Controller Parameter to be set to enable this functionality: <add key="EmailEncoding" value="HTML"/>
For more information on this change, please refer to the Site Controller Parameters Guide in the Naverisk Help.
The first line is used as the subject of the email, the rest of the template consists of the HTML content and will be shown as the Body of the email.
These HTML templates need to be saved with a .html.template extension.
As some email clients may have difficulty with receiving HTML, Naverisk recommends that you also create an accompanying plain text version using the standard .template extension, for Naverisk to fall back on and send in case the HTML version is not accepted by the recipient email client.
When assigning an HTML template as a Response Email Template, the .HTML is not required as the correct template with be automatically used by the system.
For some example ideas on how you could configure your HTML templates, we have preloaded the system with some basic examples utilising simple to modify HTML code. For your reference please check out SupportAcknowledgeExample1.html.template and SupportAcknowledgeExample2.html.template.
Please remember that when assigning a HTML template as a Response Email Template, the .HTML is not required as the correct template with be automatically used by the system, so you only need to enter SupportAcknowledgeExample1.template
6.3 Uploading Email Templates
Under Settings > Email Templates you have the ability to upload text or html based content to send out on your alerting emails
To upload a customized template file, please use the ‘Add’ feature on the right of the template you wish to change:
This will provide you with familiar file selection box to select the template file:
And when successfully uploading, you will see the Custom Template Name as populated with the file name:
Keep in mind that just like most of the Naverisk systems, all settings are Client-specific and can be set differently for different clients based on their varying requirements.
So, we will need to ‘Share’ this template with the sub-clients, if we want it to apply to their tickets too.
This can be accomplished by clicking the green Edit Icon:
And ticking the 'Share Custom Template with Sub-Clients" option:
Additionally, you can also make changes to the template directly using this ‘Edit’ option, and by selecting the ‘Template’ tab:
From this screen, you can modify the Subject Line of the email alert that will be sent, and the email's main body will be presented for you to reword and customize.
Once you are satisfied with the form and have saved the changes, you can forcibly generate an email to test its appearance. This uses the ‘Send Test Email’ button found in the top right:
Select the email you wish to generate, the Client you wish to generate it against, and the email address you wish to send the test through to:
Please note, that the Tests emails are not generated from a Ticket. Ticket parameters mentioned in section 2.5.1, will not be populated in this test ticket:
6.4 Email Integration Enhancements
Naverisk will create an alert when it is unable to get an email from your specified email integration server. See the image below. This will be a notification for each ticket.
6.5 Outbound Email Sending
In Naverisk Settings you can add a sending service for your email
Note:- This is for Onsite Configurations Only
You can send mail to a variety of services including 365.
If you are using 365 you can relay through an account. We recommended an account that is dedicated to your email correspondence such as helpdesk@Itsupport.com and it must have a minimum of a basic 365 license if you are not using MFA. This is so you can activate SMTP Authentication (see the below images under MFA settings)
Here is an example of the 365 settings to enter,
PLEASE NOTE THE SERVER ADDRESS.
smtp-legacy.office365.com (This doesn't use TLS but SSL)
helpdesk@Itsupport.com
App Password for that account
SSL switched on
IMPORTANT
Please Note and important the account can have MFA enabled but you will need to get an app Password. This will require a minimum of a Business Standard Account
Microsoft 365
For 365 click on the below link
https://mysignins.microsoft.com/security-info
Go to security info and add assign in the method being an App Password and follow the next prompts. An app Password will be automatically created for you. Use this as the password within Naverisk.
Important: The below setting must be switched on in the mailbox settings within the user on 365 otherwise it will not authenticate,
Gmail Account
For Google app password creation please use the link below for instructions.
PLEASE NOTE: If you already had email inbound with Oauth configured once you have applied the SMTP authentication will need to go back and re-connect to the inbound settings. This as it will disconnect it.
We have Oauth sending in development currently due mid to late 2023.
7.0 Outbound SPF Record (CLOUD USERS)
If you are using one of the Naverisk Cloud servers to spoof emails to your domains, you will need to add an entry to your SPF record. We use filtering for security. The record to add to your own SPF record is as below.
This will allow your domain to be authenticated on our servers. If you do not do this your email will be marked as spam or may not even be delivered.
7.0 Troubleshooting
7.1 If the Body of an Email is not being Logged in the Ticket
This may happen if using Office 365 as the POP Service. If the body of an email is not displayed or showing in the Naverisk Tickets, try disabling TNEF for that Office 365 mailbox.
How to disable TNEF;
Log onto a computer with PowerShell and Microsoft Online Services Sign-In Assistant installed.
Open an administrative PowerShell window and execute the following command
Run the below command
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection
Import-PSSession $Session
Set-RemoteDomain Default -TNEFEnabled $false