Overview
A mailbox connection tells Ekso how to access an external email account. Once connected, you can set up ticketing to turn inbound emails into work items, reply from within Ekso, and maintain threaded conversations. You manage mailbox connections under Settings > Mailbox. Ekso supports two connection types: IMAP and Microsoft 365.IMAP
Connect to any IMAP-compatible mail server — Google Workspace, Fastmail, or any standard email provider.| Property | Description | Default |
|---|---|---|
| Name | Display name for this mailbox connection | — |
| Connection type | Select Imap | — |
| Server | IMAP server address (e.g., imap.gmail.com) | — |
| Port | IMAP port | 993 |
| Username | Mailbox account username | — |
| Password | Mailbox account password | — |
| SMTP server | Server for sending replies (e.g., smtp.gmail.com) | — |
| SMTP server port | SMTP port | 587 |
| Inbox folder | Which folder to watch for new emails | Inbox |
Microsoft 365
Connect to Microsoft 365 mailboxes using OAuth authentication through Microsoft Graph.| Property | Description |
|---|---|
| Name | Display name for this mailbox connection |
| Connection type | Select Microsoft |
| Email address | Email address of the mailbox to be used |
| OAuth tenant ID | Your Azure AD tenant ID (found in admin.microsoft.com) |
| OAuth client ID | The application client ID from your Azure app registration |
| OAuth client secret value | The secret value (not the secret ID) from your app registration |
| Inbox folder | Which folder to watch for new emails (default: Inbox) |
Azure app registration
Before you can connect a Microsoft 365 mailbox, you need an app registration in Microsoft Entra with the correct Microsoft Graph permissions.Open app registrations
Go to entra.microsoft.com → App registrations → select your app (or create a new one).
Add required permissions
Search for and add the following permissions:
| Permission | Type | Description | Admin consent |
|---|---|---|---|
Mail.Read | Application | Read mail in all mailboxes | Yes |
Mail.ReadBasic | Application | Read basic mail in all mailboxes | Yes |
Mail.ReadBasic.All | Application | Read basic mail in all mailboxes | Yes |
Mail.ReadWrite | Application | Read and write mail in all mailboxes | Yes |
Mail.Send | Application | Send mail as any user | Yes |
MailboxFolder.ReadWrite.All | Application | Read and write all users’ mailbox folders | Yes |
These are Application permissions, not Delegated. This means Ekso accesses the mailbox directly without a signed-in user — which is why admin consent is required for all six permissions. If you already have an app registration for Entra SSO, you can add these permissions to the same registration.
IMAP and Microsoft 365 use different tracking mechanisms. IMAP resumes by message UID (precise per-message tracking). Microsoft 365 resumes by received date (time-window based). Both approaches prevent duplicate processing, but the Microsoft approach means the Start from date on the ticketing configuration is especially important for controlling what gets processed on first activation.