Elastic Outlook connector reference
editElastic Outlook connector reference
editThe Elastic Outlook connector is built with the Elastic connector framework and is available as a self-managed self-managed connector.
Elastic managed connector reference
editView Elastic managed connector reference
Availability and prerequisites
editThis connector is available as a managed connector (managed service) in Elastic Cloud.
This connector is compatible with Elastic versions 8.13.0+.
To use this connector, satisfy all managed connector requirements.
Create a Outlook connector
editUse the UI
editTo create a new Outlook connector:
- In the Kibana UI, navigate to the Search → Content → Connectors page from the main menu, or use the global search field.
- Follow the instructions to create a new native Outlook connector.
For additional operations, see Connectors UI in Kibana.
Use the API
editYou can use the Elasticsearch Create connector API to create a new native Outlook connector.
For example:
resp = client.connector.put( connector_id="my-{service-name-stub}-connector", index_name="my-elasticsearch-index", name="Content synced from {service-name}", service_type="{service-name-stub}", is_native=True, ) print(resp)
const response = await client.connector.put({ connector_id: "my-{service-name-stub}-connector", index_name: "my-elasticsearch-index", name: "Content synced from {service-name}", service_type: "{service-name-stub}", is_native: true, }); console.log(response);
PUT _connector/my-outlook-connector { "index_name": "my-elasticsearch-index", "name": "Content synced from Outlook", "service_type": "outlook", "is_native": true }
You’ll also need to create an API key for the connector to use.
The user needs the cluster privileges manage_api_key
, manage_connector
and write_connector_secrets
to generate API keys programmatically.
To create an API key for the connector:
-
Run the following command, replacing values where indicated. Note the
id
andencoded
return values from the response:resp = client.security.create_api_key( name="my-connector-api-key", role_descriptors={ "my-connector-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "my-index_name", ".search-acl-filter-my-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": False } ] } }, ) print(resp)
const response = await client.security.createApiKey({ name: "my-connector-api-key", role_descriptors: { "my-connector-connector-role": { cluster: ["monitor", "manage_connector"], indices: [ { names: [ "my-index_name", ".search-acl-filter-my-index_name", ".elastic-connectors*", ], privileges: ["all"], allow_restricted_indices: false, }, ], }, }, }); console.log(response);
POST /_security/api_key { "name": "my-connector-api-key", "role_descriptors": { "my-connector-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "my-index_name", ".search-acl-filter-my-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": false } ] } } }
-
Use the
encoded
value to store a connector secret, and note theid
return value from this response:resp = client.perform_request( "POST", "/_connector/_secret", headers={"Content-Type": "application/json"}, body={ "value": "encoded_api_key" }, ) print(resp)
const response = await client.transport.request({ method: "POST", path: "/_connector/_secret", body: { value: "encoded_api_key", }, }); console.log(response);
POST _connector/_secret { "value": "encoded_api_key" }
-
Use the API key
id
and the connector secretid
to update the connector:resp = client.connector.update_api_key_id( connector_id="my_connector_id>", api_key_id="API key_id", api_key_secret_id="secret_id", ) print(resp)
const response = await client.connector.updateApiKeyId({ connector_id: "my_connector_id>", api_key_id: "API key_id", api_key_secret_id: "secret_id", }); console.log(response);
PUT /_connector/my_connector_id>/_api_key_id { "api_key_id": "API key_id", "api_key_secret_id": "secret_id" }
Refer to the Elasticsearch API documentation for details of all available Connector APIs.
Usage
editTo use this connector as a managed connector in Elastic Cloud, use the Connectors workflow in the Kibana UI.
To create a new Outlook connector:
- Navigate to Search → Connectors page in the Kibana UI.
- Select the New Native Connector button.
- Select the Outlook connector.
For additional operations, see Connectors UI in Kibana.
Connecting to Outlook
editOutlook connector supports both cloud (Office365 Outlook) and on-premises (Exchange Server) platforms.
Connect to Exchange Server
editIn order to connect to Exchange server, the connector fetches Active Directory users with the help of ldap3
python library.
Connect to Office365 Outlook (Outlook Cloud)
editTo integrate with the Outlook connector using Azure, follow these steps to create and configure an Azure application:
- Navigate to the Azure Portal and log in using your credentials.
- Click on App registrations to register a new application.
-
Navigate to the Overview tab. Make a note of the
Client ID
andTenant ID
. - Click on the Certificates & secrets tab and create a new client secret. Keep this secret handy.
-
Go to the API permissions tab.
- Click on "Add permissions."
- Choose "APIs my organization uses."
- Search for and select "Office 365 Exchange Online."
-
Add the
full_access_as_app
application permission.
You can now use the Client ID, Tenant ID, and Client Secret you’ve noted to configure the Outlook connector.
Configuration
edit- Outlook data source (required)
-
Dropdown to determine Outlook platform type:
outlook_cloud
oroutlook_server
. Default value isoutlook_cloud
. - Tenant ID
-
Required if data source is
outlook_cloud
. The Tenant ID for the Azure account hosting the Outlook instance. - Client ID
-
Required if data source is
outlook_cloud
. The Client ID to authenticate with Outlook instance. - Client Secret Value
-
Required if data source is
outlook_cloud
. The Client Secret value to authenticate with Outlook instance. - Exchange Server
-
Required if data source is
outlook_server
. IP address to connect with Exchange server. Example:127.0.0.1
- Active Directory Server
-
Required if data source is
outlook_server
. IP address to fetch users from Exchange Active Directory to fetch data. Example:127.0.0.1
- Exchange server username
-
Required if data source is
outlook_server
. Username to authenticate with Exchange server. - Exchange server password
-
Required if data source is
outlook_server
. Password to authenticate with Exchange server. - Exchange server domain name
-
Required if data source is
outlook_server
. Domain name for Exchange server users such asgmail.com
orexchange.local
. - Enable SSL
-
Whether SSL verification will be enabled. Default value is
False
. Note: This configuration is applicable forOutlook Server
only. - SSL certificate
-
Required if ssl is enabled. Content of SSL certificate. Example certificate:
-----BEGIN CERTIFICATE----- MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT ... 7RhLQyWn2u00L7/9Omw= -----END CERTIFICATE-----
Note: This configuration is applicable for
Outlook Server
only. - Document level security
-
Toggle to enable Document level security (DLS). When enabled:
-
Full syncs will fetch access control lists for each document and store them in the
_allow_access_control
field. - Access control syncs fetch users' access control lists and store them in a separate index.
-
Full syncs will fetch access control lists for each document and store them in the
Content Extraction
editRefer to Content extraction.
Documents and syncs
editThe connector syncs the following objects and entities:
-
Mails
- Inbox Mails
- Sent Mails
- Archive Mails
- Junk Mails
- Contacts
- Calendar Events
- Tasks
-
Attachments
- Mail Attachments
- Task Attachments
- Calendar Attachments
- Content from files bigger than 10 MB won’t be extracted. (Self-managed connectors can use the self-managed local extraction service to handle larger binary files.)
- Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elastic Deployment.
Sync types
editFull syncs are supported by default for all connectors.
This connector also supports incremental syncs.
Document level security
editDocument level security (DLS) enables you to restrict access to documents based on a user’s permissions. Refer to configuration on this page for how to enable DLS for this connector.
Refer to DLS in Search Applications to learn how to ingest data from a connector with DLS enabled, when building a search application. The example uses SharePoint Online as the data source, but the same steps apply to every connector.
Sync rules
editBasic sync rules are identical for all connectors and are available by default.
Advanced Sync Rules
editAdvanced sync rules are not available for this connector in the present version.
Connector Client operations
editEnd-to-end Testing
editNote: End-to-end testing is not available in the current version of the connector.
Known issues
editThere are currently no known issues for this connector. Refer to Known issues for a list of known issues for all connectors.
Troubleshooting
editSee Troubleshooting.
Security
editSee Security.
Framework and source
editThis connector is written in Python using the Elastic connector framework.
View the source code for this connector (branch 8.17, compatible with Elastic 8.17).
Self-managed connector reference
editView self-managed connector reference
Availability and prerequisites
editThis connector is available as a self-managed self-managed connector. To use this connector, satisfy all self-managed connector prerequisites.
Create a Outlook connector
editUse the UI
editTo create a new Outlook connector:
- In the Kibana UI, navigate to the Search → Content → Connectors page from the main menu, or use the global search field.
- Follow the instructions to create a new Outlook self-managed connector.
Use the API
editYou can use the Elasticsearch Create connector API to create a new self-managed Outlook self-managed connector.
For example:
resp = client.connector.put( connector_id="my-{service-name-stub}-connector", index_name="my-elasticsearch-index", name="Content synced from {service-name}", service_type="{service-name-stub}", ) print(resp)
const response = await client.connector.put({ connector_id: "my-{service-name-stub}-connector", index_name: "my-elasticsearch-index", name: "Content synced from {service-name}", service_type: "{service-name-stub}", }); console.log(response);
PUT _connector/my-outlook-connector { "index_name": "my-elasticsearch-index", "name": "Content synced from Outlook", "service_type": "outlook" }
You’ll also need to create an API key for the connector to use.
The user needs the cluster privileges manage_api_key
, manage_connector
and write_connector_secrets
to generate API keys programmatically.
To create an API key for the connector:
-
Run the following command, replacing values where indicated. Note the
encoded
return values from the response:resp = client.security.create_api_key( name="connector_name-connector-api-key", role_descriptors={ "connector_name-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "index_name", ".search-acl-filter-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": False } ] } }, ) print(resp)
const response = await client.security.createApiKey({ name: "connector_name-connector-api-key", role_descriptors: { "connector_name-connector-role": { cluster: ["monitor", "manage_connector"], indices: [ { names: [ "index_name", ".search-acl-filter-index_name", ".elastic-connectors*", ], privileges: ["all"], allow_restricted_indices: false, }, ], }, }, }); console.log(response);
POST /_security/api_key { "name": "connector_name-connector-api-key", "role_descriptors": { "connector_name-connector-role": { "cluster": [ "monitor", "manage_connector" ], "indices": [ { "names": [ "index_name", ".search-acl-filter-index_name", ".elastic-connectors*" ], "privileges": [ "all" ], "allow_restricted_indices": false } ] } } }
-
Update your
config.yml
file with the API keyencoded
value.
Refer to the Elasticsearch API documentation for details of all available Connector APIs.
Usage
editTo use this connector as a self-managed connector, use the Outlook tile from the connectors list OR Customized connector workflow.
For additional operations, see Connectors UI in Kibana.
Connecting to Outlook
editOutlook connector supports both cloud (Office365 Outlook) and on-premises (Exchange Server) platforms.
Connect to Exchange Server
editIn order to connect to Exchange server, the connector fetches Active Directory users with the help of ldap3
python library.
Connect to Office365 Outlook (Outlook Cloud)
editTo integrate with the Outlook connector using Azure, follow these steps to create and configure an Azure application:
- Navigate to the Azure Portal and log in using your credentials.
- Click on App registrations to register a new application.
-
Navigate to the Overview tab. Make a note of the
Client ID
andTenant ID
. - Click on the Certificates & secrets tab and create a new client secret. Keep this secret handy.
-
Go to the API permissions tab.
- Click on "Add permissions."
- Choose "APIs my organization uses."
- Search for and select "Office 365 Exchange Online."
-
Add the
full_access_as_app
application permission.
You can now use the Client ID, Tenant ID, and Client Secret you’ve noted to configure the Outlook connector.
Configuration
edit-
data_source
-
(required)
Dropdown to determine Outlook platform type:
outlook_cloud
oroutlook_server
. Default value isoutlook_cloud
. -
tenant_id
- (required if data source is outlook_cloud) The Tenant ID for the Azure account hosting the Outlook instance.
-
client_id
- (required if data source is outlook_cloud) The Client ID to authenticate with Outlook instance.
-
client_secret
- (required if data source is outlook_cloud) The Client Secret value to authenticate with Outlook instance.
-
exchange_server
-
(required if data source is outlook_server)
IP address to connect with Exchange server. Example:
127.0.0.1
-
active_directory_server
-
(required if data source is outlook_server)
IP address to fetch users from Exchange Active Directory to fetch data. Example:
127.0.0.1
-
username
- (required if data source is outlook_server) Username to authenticate with Exchange server.
-
password
- (required if data source is outlook_server) Password to authenticate with Exchange server.
-
domain
-
(required if data source is outlook_server)
Domain name for Exchange server users such as
gmail.com
orexchange.local
. -
ssl_enabled
-
Whether SSL verification will be enabled. Default value is
False
. Note: This configuration is applicable forOutlook Server
only. -
ssl_ca
-
(required if ssl is enabled) Content of SSL certificate. Example certificate:
-----BEGIN CERTIFICATE----- MIID+jCCAuKgAwIBAgIGAJJMzlxLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYT ... 7RhLQyWn2u00L7/9Omw= -----END CERTIFICATE-----
-
use_text_extraction_service
-
Use self-hosted content extraction service.
Default value is
False
. -
document_level_security
-
Toggle to enable Document level security (DLS). When enabled:
-
Full syncs will fetch access control lists for each document and store them in the
_allow_access_control
field. - Access control syncs fetch users' access control lists and store them in a separate index.
-
Full syncs will fetch access control lists for each document and store them in the
Note: This configuration is applicable for Outlook Server
only.
Deployment using Docker
editYou can deploy the Outlook connector as a self-managed connector using Docker. Follow these instructions.
Step 1: Download sample configuration file
Download the sample configuration file. You can either download it manually or run the following command:
curl https://raw.githubusercontent.com/elastic/connectors/main/config.yml.example --output ~/connectors-config/config.yml
Remember to update the --output
argument value if your directory name is different, or you want to use a different config file name.
Step 2: Update the configuration file for your self-managed connector
Update the configuration file with the following settings to match your environment:
-
elasticsearch.host
-
elasticsearch.api_key
-
connectors
If you’re running the connector service against a Dockerized version of Elasticsearch and Kibana, your config file will look like this:
# When connecting to your cloud deployment you should edit the host value elasticsearch.host: http://host.docker.internal:9200 elasticsearch.api_key: <ELASTICSEARCH_API_KEY> connectors: - connector_id: <CONNECTOR_ID_FROM_KIBANA> service_type: outlook api_key: <CONNECTOR_API_KEY_FROM_KIBANA> # Optional. If not provided, the connector will use the elasticsearch.api_key instead
Using the elasticsearch.api_key
is the recommended authentication method. However, you can also use elasticsearch.username
and elasticsearch.password
to authenticate with your Elasticsearch instance.
Note: You can change other default configurations by simply uncommenting specific settings in the configuration file and modifying their values.
Step 3: Run the Docker image
Run the Docker image with the Connector Service using the following command:
docker run \ -v ~/connectors-config:/config \ --network "elastic" \ --tty \ --rm \ docker.elastic.co/enterprise-search/elastic-connectors:8.17.1.0 \ /app/bin/elastic-ingest \ -c /config/config.yml
Refer to DOCKER.md
in the elastic/connectors
repo for more details.
Find all available Docker images in the official registry.
We also have a quickstart self-managed option using Docker Compose, so you can spin up all required services at once: Elasticsearch, Kibana, and the connectors service.
Refer to this README in the elastic/connectors
repo for more information.
Content Extraction
editRefer to Content extraction.
Documents and syncs
editThe connector syncs the following objects and entities:
-
Mails
- Inbox Mails
- Sent Mails
- Archive Mails
- Junk Mails
- Contacts
- Calendar Events
- Tasks
-
Attachments
- Mail Attachments
- Task Attachments
- Calendar Attachments
- Content from files bigger than 10 MB won’t be extracted by default. You can use the self-managed local extraction service to handle larger binary files.
- Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elastic Deployment.
Sync types
editFull syncs are supported by default for all connectors.
This connector also supports incremental syncs.
Document level security
editDocument level security (DLS) enables you to restrict access to documents based on a user’s permissions. Refer to configuration on this page for how to enable DLS for this connector.
Refer to DLS in Search Applications to learn how to ingest data from a connector with DLS enabled, when building a search application. The example uses SharePoint Online as the data source, but the same steps apply to every connector.
Sync rules
editBasic sync rules are identical for all connectors and are available by default.
Advanced Sync Rules
editAdvanced sync rules are not available for this connector in the present version.
Connector Client operations
editEnd-to-end Testing
editNote: End-to-end testing is not available in the current version of the connector.
Known issues
editThere are currently no known issues for this connector. Refer to Known issues for a list of known issues for all connectors.
Troubleshooting
editSee Troubleshooting.
Security
editSee Security.
Framework and source
editThis connector is included in the Elastic connector framework.
View the source code for this connector (branch 8.17, compatible with Elastic 8.17).