Introducing Email Based Approval in Oracle Integration – Process Automation

Email has historically been the primary means of handling approvals for businesses around the globe. Its popularity as a means for approval, can be attributed due to its vast adoption, ease of use, accessibility and because it leaves a detailed audit trail.

We are excited to announce that with the 25.04 (April) release of Oracle Integration we will be introducing support for email-based approvals. This is a feature that has been eagerly awaited by many of our customers, and we are happy to share its imminent release with you today. 

Why it matters

Knowledge workers spend a considerable amount of time in email each day. The ability to approve a request via email enables them to stay focused as it means that they no longer need to navigate to our Workspace to action tasks. Additionally email based approval, ensures that there is a secondry audit trail for all approval actions.

End User Experience

When this functionality is enabled, business users will continue to receive emails from Oracle Integration – Process, asking them to act (Approve/Reject) on a tasks that need their attention.

However, when they action a task (e.g. click Approve), instead of being navigated to our Workspace, they will see that a reply email is auto-generated that will contain important information needed by Oracle Integration – Process to identify the target task, perform authorization checks and take the intended action. Users can enter a comment here if they wish, which will be associated with their action on the task. Once they are ready they will need to click send.

From this point on Oracle Integration – Process, will do the rest, we will identify the intended task, validate that the user has permission to act on it and reflect their approval action and comments. Task and process audit will reflect this information capturing who approved, when and associated comments

Exception Scenarios

In this section we will, show you how we deal with some common scenarios that may be of interest to you or your IT department:

Email Forwarding

Approval actions submitted by users other than the original recipient will be automatically detected and rejected by Oracle Integration – Process.

Email forwarding, poses a security risk as it may bypass existing controls and policy enforcement measures. To mitigate these risks, Oracle Integration – Process will validate wheather the approval is coming from the original email receipient. If the user taking action is not the intended user, we will send an email to the original task assignee notifying them of this. 

Mandatory Comments

If mandatory comments have been configured on a task action and the user does not provide them via email, they will receive a bounce back email letting them know that a comment is required. They can then action the task again and provide the required comment.

Navigating to the Task in Workspace

In the event that occasionally you still want to navigate to the workspace to see the form, click on the task title hyperlink. This way you have the best of both worlds and maximum flexibility.

Offline Access

Customers who need travel to places with no internet access can still approve emails while being offline. Using email-based semantics, reply emails will be sent out of their outbox once they re-connect.

Understanding the Flow

The below section is targeted at a more technical audience and aims to help implementers understand the flow used by Oracle Integration – Process.

It is important to note that this is an inbound email flow used to poll for approval emails. It is completely different to the outbound flow used to send emails from our service.

Email-based approval is configured at an instance level. Once configured it will be available for all processes in the instance.

1. Process is configured to connect to your email server via IMAP/POP. This is a one-off activity performed in the Workspace by an admin user.
2. A process instance reaches a Human Task that is configured to send an email notification to assignees. Email is sent to users based on the email associated with their user in OCI IAM.
3. Task assignee receives email and actions the task by taking (APPROVE/REJECT/SUBMIT) action.
4. This generates a reply email that contains details such as the NID, action taken and any related comments.
5. When the user clicks send, the reply email is sent to a dedicated Oracle Integration – Process mailbox account.
6. Oracle Integration – Process will poll its dedicated mailbox every 5 min. Any emails received are picked up and processed. Here we will validate that the approver has permission to approve the task and if so, associate their action and provided comments with the Human task. If any errors are encountered, we will send an email to the task assignee.

Configuration

In this section we will discuss how to configure email-based approval.

This configuration is instance dependent and needs to be repeated for each environment where you want to leverage this functionality. It is a best practice and recommended to use environment-specific mailboxes for process. In other words, create a mail box for each Oracle Integration – Process instance.

As a user with Service Administrator privileges (see here), head to the Workspace and select Registered Services.

Here you will see a new option to setup an Inbound Email Polling:

Oracle Process Automation supports the following Email Servers for Email Approval:

• Microsoft Exchange Online
• Gmail

* Microsoft Exchange On-premise connectivity might also be possible but has not been validated by our team. It will also require additional network security steps to allow traffic from Oracle Integration – Process.

Microsoft Exchange Online

• Pre-requisites:
  • Register an application:
    • Follow the steps outlined here.
    • Registering an application in Microsoft Entra establishes a trust relationship between your custom app (used to represent Oracle Integration – Process) and the Microsoft identity platform.
    • Note, you do not need to add a redirect URI for our service.
    • When you complete this step record the Application (client) ID which will be needed for registration later.
  • Add credentials to application:
    • Follow the steps outlined here and add a client secret
    • After registering your application, you can add a credential. Credentials allow your application to authenticate itself.
    • When you complete this step record the Application client secret value which will be needed for registration later.
  • Add IMAP/POP permissions to your application:
    • Follow the steps outlined here.
    • Here you will add the IMAP/POP permissions to your application
    • For example, your permissions may look like the below:

    • 

  • Get tenant admin consent:
    • Follow the steps outlined here.
    • This will allow your application to access Exchange mailboxes via IMAP/POP.
  • Register service principles in Exchange
    • Follow the steps outlined here.
    • Once a tenant admin has given their consent, they must register your applications service principal in Exchange via Exchange Online PowerShell. Without this step Oracle Process Automation will not be able to access the mailbox and registration will fail.
• Registration:
  • Once you have completed the above pre-requisites, as a user with Service Administrator privileges (see here), head to the Workspace and select Registered Services.
  • Here you will see a new option to setup an Email Inbound connection:
  • Enter the following configuration and click Test Connection

IF test is successful, you should go ahead and Register the service. This will complete the setup and your business users will now be able to use Email Approval!

Gmail

• Pre-requisites:
  • Enable IMAP/POP in Gmail
    • Starting January 2025, IMAP access is turned on by default in Gmail. No further action is necessary
    • For POP, follow the steps in Read Gmail messages on other email clients using POP.
      • When messages are accessed with POP you need to opt for either of the following options, so that the read mails are moved out of inbox:
        • Archive Gmail’s copy
        • Delete Gmail’s copy
  • •  
  • Configure App Password

    • Oracle Integration – Process does not support OAuth – Authorization Code flow for inbound Email in this initial release, as such we need to authenticate to Gmail via an app password.

    • An app password is a 16-digit passcode that gives an app permission to access your Google Account. 

    • App passwords can only be used with accounts that have 2-Step Verification turned on. See Turn on 2-Step Verification

    • Create an app password by following the steps outline here.

• Registration:

  • Once you have completed the above pre-requisites, as a user with Service Administrator privileges (see here), head to the Workspace and select Registered Services.

  • Here you will see a new option to setup an Email Inbound connection

  • Enter the following configuration and click Test Connection

Summary

The ability to approve tasks via email is a powerful capability that is available in Oracle Integration – Process in the 25.04 release. This feature allows business users to action tasks on the go without needing to navigate to the Workspace UI. This feature has full support for authorization checking and approval comments.