Skip to main content

Overview

A mailbox connection tells Ekso how to access an external email account. Once connected, you can set up ticketing to turn inbound emails into work items, reply from within Ekso, and maintain threaded conversations. You manage mailbox connections under Settings > Mailbox. Ekso supports two connection types: IMAP and Microsoft 365.

IMAP

Connect to any IMAP-compatible mail server — Google Workspace, Fastmail, or any standard email provider. IMAP connections track the last processed email by its UID (a unique message identifier assigned by the mail server). Each processing cycle queries for unseen messages or messages with a UID greater than the last processed one. This means IMAP picks up exactly where it left off, message by message.

Microsoft 365

Connect to Microsoft 365 mailboxes using OAuth authentication through Microsoft Graph.

Azure app registration

Before you can connect a Microsoft 365 mailbox, you need an app registration in Microsoft Entra with the correct Microsoft Graph permissions.
1

Open app registrations

Go to entra.microsoft.comApp registrations → select your app (or create a new one).
2

Add API permissions

Click API permissions+ Add a permission.
3

Select Microsoft Graph

Select Microsoft GraphApplication permissions.
4

Add required permissions

Search for and add the following permissions:
5

Grant admin consent

Click Grant admin consent for [your organization] and confirm. All six permissions require admin consent.
These are Application permissions, not Delegated. This means Ekso accesses the mailbox directly without a signed-in user — which is why admin consent is required for all six permissions. If you already have an app registration for Entra SSO, you can add these permissions to the same registration.
When creating a client secret under Certificates & secrets, copy the secret value — not the secret ID. The value is only shown once at creation time. This is the value you enter in the OAuth client secret value field.
Microsoft connections track the last processed date rather than UIDs. Each processing cycle queries Microsoft Graph for messages received after the last processed timestamp. The Start from date in the ticketing configuration sets the initial boundary — Ekso only processes emails received on or after this date, so historical emails in the mailbox are not accidentally converted into tickets.
IMAP and Microsoft 365 use different tracking mechanisms. IMAP resumes by message UID (precise per-message tracking). Microsoft 365 resumes by received date (time-window based). Both approaches prevent duplicate processing, but the Microsoft approach means the Start from date on the ticketing configuration is especially important for controlling what gets processed on first activation.
Use Microsoft 365 if your organization is already on Microsoft 365. The OAuth approach avoids storing email passwords and supports modern authentication policies like conditional access.

Credentials

All mailbox credentials are encrypted at rest before storage.

Testing connections

Use the connection test to verify that Ekso can connect to the mail server with the provided credentials. Test before setting up ticketing to catch configuration issues early. For end-to-end ticketing pipeline testing, see testing in the ticketing guide.