Who is this article for?

Administrators an IT staff who would like to understand the email tracking service.

Administrator permissions are required.

Saffron is the email tracking and automation engine for Ideagen Mail Manager Enterprise, deployed as a single-tenant Azure Functions service in your own Azure environment to process email tracking metadata and automated filing workflows.

1. Understanding the single-tenant deployment model

Each customer receives a dedicated, isolated set of Azure resources provisioned automatically via Azure Marketplace using a PowerShell setup wizard. The deployment includes Function App, Service Bus, Cosmos DB, and Event Grid resources that live entirely within your own Azure tenant.

No customer data ever leaves your Azure environment. Ideagen-hosted services (Chipotle and Salt) are called over the internet using short-lived, limited-scope tokens.

Saffron runs on Azure Functions v4 with .NET 8 runtime.

2. Understanding how email tracking works

Email tracking stamps saved-location metadata on emails in users' mailboxes so recipients can see when and where a message was filed to SharePoint.

To track an email:

1. The user saves an email in Outlook using the Cinnamon Outlook Add-In, which sends a POST /v1/track request to Saffron with the email ID and SharePoint destination.
2. Saffron places the tracking transaction onto the emailtrackingtransactions Service Bus queue for reliable asynchronous processing.
3. Saffron resolves any distribution group members and filters to internal-only recipients, then places one item per recipient on the emailtrackingrequests queue using Microsoft Graph for user and group lookups.
4. For each recipient, Saffron uses the Microsoft Graph Mail API to write extended properties (SharePoint location and timestamp) and add the Transferred to SharePoint Outlook category to that recipient's copy of the email.

3. Understanding how email automation works

Email automation automatically files incoming emails into SharePoint based on conversation rules or a dedicated save folder, requiring no manual action after initial setup.

To automate email filing:

1. The user creates an automation rule through Cinnamon, which calls POST /v1/automations. Saffron saves the rule in Cosmos DB with status Pending and queues a creation task.
2. Saffron creates a Microsoft Graph mail subscription for the user's mailbox, pointing notifications at an Azure Event Grid partner topic. The rule status becomes Active.
3. When a new matching email arrives, Microsoft pushes a real-time notification via Event Grid to Service Bus (emailautomationnotifications to emailreceivednotifications). Saffron fetches the full email from Graph.
4. Saffron calls the Chipotle save service with the email and the stored SharePoint destination. The email is saved, tracking metadata is stamped, and the counter is incremented in Cosmos DB.

4. Understanding the required Azure resources

The following Azure resources are deployed per customer via Azure Marketplace:

• Azure Function App — hosts the Saffron service with all HTTP triggers, Service Bus triggers, and the cleanup timer (runtime: .NET 8 Isolated, Functions v4, 9 HTTP endpoints, 7 queue triggers plus timer)
• Azure Service Bus — decouples all processing steps for reliability and retry handling (Standard tier, session-enabled, 7 production queues, auto dead-letter after 10 retries)
• Azure Cosmos DB — stores automation rules, Graph subscription tracking, and license token cache (NoSQL API, Serverless tier, 3 containers: automation, subscription, cacheToken)
• Azure Event Grid — receives real-time email arrival notifications from Microsoft Graph and routes them to Service Bus (Partner Topics, Microsoft Graph mail subscriptions, subscriptions auto-renewed)
• Application Insights — provides telemetry, logging, and health monitoring for the Function App and all dependencies (custom severity filtering, request charge tracking, timer trigger audit logs)

5. Understanding the connected services

Saffron integrates with user-facing clients, Microsoft platform services, and Ideagen-hosted platform services.

User-facing services:

• Cinnamon (Outlook Add-In) — modern Angular single-page application embedded in Outlook, providing the primary interface for saving emails, creating automations, and viewing tracking status
• Microsoft 365 Mailboxes — user mailboxes in your Microsoft 365 tenant where Saffron reads and stamps metadata on emails via Graph API

Microsoft platform services:

• Microsoft Graph API — used for all mailbox operations including read and write messages, set extended properties and categories, manage mail subscriptions, and resolve users and groups
• SharePoint (Files) — the destination for saved emails where Saffron writes metadata pointing back to SharePoint (actual file saving is handled by Chipotle)
• Azure AD / Entra ID — an app registration in your tenant provides Saffron's identity using OAuth 2.0 client credentials for all service-to-service calls

Ideagen platform services (hosted by Ideagen):

• Chipotle (Save Service) — receives the email from Saffron and saves it to SharePoint, also sends failure notification emails if an automated save fails
• Salt (Auth and Licensing) — validates customer licenses and issues scoped license tokens that Saffron caches in Cosmos DB to avoid repeated calls
• Mustard (License Backend) — the backing licensing service with no direct integration from Saffron (Salt acts as the API layer)

6. Understanding the Service Bus queues

Saffron uses seven Service Bus queues to process tracking and automation workflows:

Tracking queues:

• emailtrackingtransactions — processes initial tracking requests
• emailtrackingrequests — handles per-recipient tracking operations

Automation queues:

• emailautomationcreations — processes new automation rule creation
• emailautomationnotifications — receives Event Grid notifications
• emailreceivednotifications — processes incoming email notifications
• emaillifecyclenotifications — handles subscription renewal events

Cleanup queue:

• graphsubscriptioncleanup — manages expired subscription cleanup

Note: All queues are session-enabled except emailautomationnotifications. Messages are automatically dead-lettered after 10 failed delivery attempts.

7. Understanding health monitoring and maintenance

Saffron includes built-in health monitoring and automated maintenance features.

Health check endpoint:

The GET /api/health endpoint (authenticated with x-health-check-key header) returns real-time status of the Function App, Service Bus, and Cosmos DB. Configure it via the HealthCheckKey environment variable. The endpoint returns HTTP 200 (healthy), 401 (bad key), or 503 (dependency down).

Graph subscription renewal:

Microsoft Graph mail subscriptions expire periodically. Saffron automatically renews them via the emaillifecyclenotifications queue. If a subscription lapses and cannot be renewed, it is flagged for cleanup and a new one is created.

Save folder cleanup timer:

A configurable Azure timer trigger (default: every Sunday midnight UTC) scans Cosmos DB for save-folder automations where the target Outlook folder has been deleted, and removes them automatically. Configure it via the SaveFolderCleanupTimer CRON expression.