Configure SSO/OAuth with Office 365
For general information on OAuth and how to get Single Sign On (SSO) working with Mail Assure, see Configure OAuth/OpenID Connect Settings.
- Step 1 - Mail Assure Configuration
- Step 2 - Configure Azure Active Directory Settings
- Step 3 - Configure Microsoft Details in Mail Assure
Step 1 - Mail Assure Configuration
- Log in to your Mail Assure Control Panel using your branded URL (this is set up in the Hostname field on the Branding Management page; see Create a Custom Control Panel URL).
- In the Admin Level Control Panel, select Branding > Branding Management.
- Ensure that SSO/OAuth login for email users is enabled.
- Add the label text that will be displayed on the login button.
- Click Save.
- Navigate to the domain by selecting General > Domains Overview and clicking on the relevant domain.
- Select Users & Permissions > OAuth Settings and make sure that OAuth login is toggled on.
- Copy the URL in the Login link field and keep a note of it for use in Step 2 - Configure Azure Active Directory Settings.
- Click Save settings.
Step 2 - Configure Azure Active Directory Settings
- Log in to the Azure Portal and navigate to Azure Active Directory.
- From there, select App registrations and create a New registration.
- When adding the New Registration, be sure to fill in the sections as follows:
- Name: The display name for the app registration e.g. Mail Assure SSO
- Scope: As required, but we recommend Accounts in this organizational directory only
- Redirect URI: This should be in the form: https://<replacewith.branded.fqdn>/rest/auth/openid/authorize/mailbox
- Click Register
- Select Overview and take a note of these two IDs, as you will need them later:
- Application (client) ID
- Directory (tenant) ID
- Click on Certificates & Secrets and generate the "Client Secret" by clicking New client secret and selecting a validity period and display name for the key.
It is important that you save the key now, as it will not be visible once the page is refreshed.
- Keep your Azure Active Directory open as you will need to return to this screen in Step 3 - Configure Microsoft Details in Mail Assure.
Step 3 - Configure Microsoft Details in Mail Assure
- In the Mail Assure Control Panel, return to the OAuth Settings page for the domain by selecting Users & Permissions > OAuth Settings.
- The fields should be filled in as below:
- Login link: https://<yourbrandedhostname>/rest/auth/openid/authorize/mailbox
- Provider URL: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>
- Client ID: <<<Application (client) ID>>>
- Client secret: xxxxxxxxxxxxxxxxxxxxxxxxx - This is generated in the "Certificates & secrets" section of Azure AD.
- Token Endpoint: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>/oauth2/token
- Auth Endpoint: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>/oauth2/authorize
- User info: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>/openid/userinfo
- Jwks URL: https://login.microsoftonline.com/common/discovery/keys
- Use NONCE: yes
- ID Method: Unique name
- Click Save settings.
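Every Step 3 value derives from the branded hostname, the Directory (tenant) ID and the Application (client) ID, so a mismatched tenant ID or a leftover placeholder can be caught before saving. The following Python check is an added example, not part of Mail Assure or Microsoft tooling; the function names are hypothetical and the sample identifiers are constructed.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
MS = "https://login.microsoftonline.com"
REDIRECT_PATH = "/rest/auth/openid/authorize/mailbox"
# Path each tenant-scoped field carries after /<tenant id>, as listed in Step 3.
TENANT_FIELDS = {"Provider URL": "", "Token Endpoint": "/oauth2/token",
                 "Auth Endpoint": "/oauth2/authorize", "User info": "/openid/userinfo"}

def expected_settings(tenant_id, client_id, secret, branded_host):
    """Build the Step 3 field values from the values noted in Steps 1 and 2."""
    fields = {name: f"{MS}/{tenant_id}{path}" for name, path in TENANT_FIELDS.items()}
    fields.update({"Login link": f"https://{branded_host}{REDIRECT_PATH}",
                   "Client ID": client_id, "Client secret": secret,
                   "Jwks URL": f"{MS}/common/discovery/keys", "Use NONCE": "yes"})
    return fields

def check_oauth_settings(settings, tenant_id, branded_host):
    """Return a list of problems in the entered values (empty list = consistent)."""
    problems = []
    for label, value in (("Directory (tenant) ID", tenant_id),
                         ("Client ID", settings.get("Client ID", ""))):
        if not GUID.match(value):
            problems.append(f"{label} is not a GUID")
    login = urlparse(settings.get("Login link", ""))
    if (login.scheme, login.hostname, login.path) != ("https", branded_host.lower(), REDIRECT_PATH):
        problems.append("Login link is not https://<branded host>" + REDIRECT_PATH)
    for field, path in TENANT_FIELDS.items():
        url = urlparse(settings.get(field, ""))
        if f"{url.scheme}://{url.hostname}" != MS:
            problems.append(f"{field}: not an https URL on login.microsoftonline.com")
        elif url.path.rstrip("/").lower() != f"/{tenant_id}{path}".lower():
            problems.append(f"{field}: path is not /<tenant id>{path}")
    if settings.get("Jwks URL") != f"{MS}/common/discovery/keys":
        problems.append("Jwks URL differs from the documented value")
    if settings.get("Use NONCE") != "yes":
        problems.append("Use NONCE should be yes")
    secret = settings.get("Client secret", "")
    if not secret or set(secret) <= {"x"} or "<" in secret:
        problems.append("Client secret is empty or still a placeholder")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant, client = "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    entered = expected_settings(tenant, client, "constructed-secret-value", "mail.example.com")
    entered["Token Endpoint"] = entered["Token Endpoint"].replace(tenant, "common")
    print(check_oauth_settings(entered, tenant, "mail.example.com"))
```

The sample run deliberately enters a Token Endpoint under a different tenant path than the other fields, which the check reports as the only problem.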
Although we strive to provide the most up-to-date information, the instructions covered in the Microsoft configuration may change without our knowledge. To ensure you have the correct up-to-date information, please refer to Microsoft's website.
If you have any issues relating to SSO configuration or logging in with SSO, please contact support.