Outlook Actionable Messages

The Actionable Messages for Outlook integration allows users to perform a host of help desk actions from within their Outlook mailbox, using the actionable emails sent from ServiceDesk Plus. Technicians can pick up and resolve requests, add notes, and perform approval actions, while end-users can add notes to their requests.

The steps to configure the integration are logically organized as follows:

• Prerequisites
• Register your app in Azure
• Configure delegated permission to Microsoft Graph
• Register your service with the developer dashboard
• Configure the integration in ServiceDesk Plus
• Configure Public Key
• Configuring Redirect URL
• Enable notifications in ServiceDesk Plus

Prerequisites  

Ensure that ServiceDesk Plus is hosted on a domain with a valid SSL certificate, run on HTTPS, and publicly accessible. You can also use the Application Proxy feature in Azure to host ServiceDesk Plus publicly. Learn more.

Register your app in Azure

You need to register your application to establish a trust relationship between your application and the Microsoft identity platform. The trust is unidirectional—your app trusts the Microsoft identity platform, and not the other way around. The following instructions help you register your app in the Azure portal and source crucial information that needs to be provided while configuring the integration in ServiceDesk Plus.

1. Sign in to your Azure portal (please refer to the Microsoft help document to learn which user role is required to register the app).
2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.
3. Search for and select the Azure Active Directory.
4. On the left pane, go to Manage > App registrations and click New registration.

5. Provide a name for your application. This name will be visible to the app users.
6. Under Supported account types, choose who can access the application. Learn more.
7. Leave the Redirect URI field empty. This field is optional and you will be configuring it at a later point.
8. Click Register.

When the app registration is completed, the Azure portal displays the app's registration Overview pane, which includes its Application (client) ID. This value uniquely identifies your application in the Microsoft identity platform. It also serves as a way for your application's code, or more typically an authentication library, to validate the security tokens received from the identity platform. You need to copy and store the Application ID (client ID) and the Directory ID (tenant ID) securely to configure them in ServiceDesk Plus.

Configure delegated permission to Microsoft Graph

You need to configure delegated permission to Microsoft Graph to enable your client application to perform operations on behalf of the logged-in user, for example reading their email or modifying their profile. By default, users of your client app are asked when they sign in to consent to the delegated permissions you've configured for it.

1. Sign in to your Azure portal.
2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant that holds your app's registration.
3. Select the Azure Active Directory.
4. Under Manage, select App registrations, and choose your client application.
5. Select API permissions > Add a permission > Microsoft Graph > Delegated permissions.
6. Check openid and click Add permissions.

Register your service with the actionable email developer dashboard

To test and publish actionable messages from your service, you need to provide certain information to Microsoft for review and approval to enable this functionality for emails from your service.

In the below section, we will see how to create a provider by filling out the necessary details, obtain the provider ID, and keep the form ready for submission except for the Public Key information.  In a later topic, we will discuss how to provide the Public Key and complete the provider submission. (Alternately, you can just create the provider to obtain the provider ID and keep the form open to fill out the rest along with the Public Key information.)

1. Head to the developer dashboard (please refer to the Microsoft help document to learn which user role is required to register the app).
2. Click New Provider. On the displayed page, a unique Provider Id and the organization info will be auto-populated. These values are non-editable.
3. Provide a descriptive name for the provider.
4. Specify the Sender Email Address, which in this case will be the outgoing mail server set up in ServiceDesk Plus.
5. Provide the Target URLs, which will be your ServiceDesk Plus server URL in this integration. The target URLs can be one or more domains corresponding to URLs that will process the actions. These URLs must be HTTPS-enabled.
6. You need to submit the Public Key obtained after configuring the integration in ServiceDesk Plus. DO NOT submit this page unless you provide the Public Key.
7. Provide a logo that identifies the provider.

8. Under Scope of submission, specify at what scope you need to enable the actionable messages for your service. This scope is typically extended to the Organization to enable actionable messages from your service to any Microsoft 365 email user within your organization.
9. Provide additional information such as the email address of users who must be notified and comments if any.
10. After you peruse the terms and conditions, accept them by selecting the Terms and Conditions checkbox. Leave the provider form open to fill out the Public Key and move on to the next step.

Meanwhile, copy the Provider Id (originator ID) auto-generated and store it in a secure location. This value needs to be configured in the integration settings of ServiceDesk Plus.

Configure the Integration in ServiceDesk Plus

The following instructions will help you complete the integration steps required in ServiceDesk Plus. It will lead you to the next topic, which explains how certain information obtained from the integration configuration need to be provided in the Azure portal and the developer dashboard to complete a full circle.

1. Sign in to ServiceDesk Plus. You need the admin role to set up this integration.
2. Navigate to Admin > Apps & Add-ons > Integrations. In the Third Part tab, go to Actionable messages for Outlook card.
3. Provide the Application ID and Tenant ID auto-generated for your app registered in the Azure portal.
4. Provide the Originator obtained from the actionable email developer dashboard and click Save.

After these configurations are saved, new fields such as SDP Hosted Domain, Redirect URL, and Public Keys will appear with auto-generated values.

Under SDP Hosted Domain, the alias URL configured for your application will be auto-populated. If your application is hosted elsewhere, you can manually enter the domain.

You need to configure Redirect URL and Public Keys in your Azure portal and actionable email developer dashboard respectively using the following pointers:

Configure Public Keys

1. Paste the Public Keys in the corresponding field of the Provider you created in the developer dashboard earlier.

Make sure the required fields are filled out and submit the provider to Microsoft for approval.  

2. Microsoft 365 admins will receive an email about the provider approval. They need to click View submission link in the email to review and approve the provider.

The actionable messages in Outlook will start working an hour later.

Configure Redirect URL

The next step is to set the Redirect URL (generated in the integration settings in ServiceDesk Plus) in your app registered in the Azure portal. The redirect URI is the location where the Microsoft identity platform redirects a user's client and sends security tokens after authentication.

1. Navigate to the app registration's overview page in the Azure portal and click Add a Redirect URI.

2. Click Add a platform > Web.

3. Paste the Redirect URL in the respective field.
4. Enable Access tokens and ID tokens.
5. Click Configure.

This brings us to the end of setting up actionable messages from ServiceDesk Plus to Outlook. The next step is to enable the notifications in ServiceDesk Plus that can be specially formatted and delivered to Outlook.

Enable Notifications in ServiceDesk Plus

Actionable messages are currently supported for specific request email notifications sent from ServiceDesk Plus. You need to enable these notifications under Admin > Automation > Notification Rules. You need the admin role to enable these notifications.

• Requester Notifications > Acknowledge requester by e-mail when a new request is received.
• Technician Notifications > Alert the following technician(s) by e-mail when a new request is created.
• Technician Notifications > Alert technician by e-mail when a request is assigned.

When users access the first actionable message received from ServiceDesk Plus in Outlook, they need to authorize ServiceDesk Plus. This is a one-time authorization required to map the user's Microsoft and ServiceDesk Plus accounts.

Users can perform the following ServiceDesk Plus actions from within their Outlook inbox:

• Add notes to requests
• Resolve requests
• Pick up requests
• Perform request approval