Configure SSO/OAuth with Office 365
For general information on OAuth and how to get Single Sign On (SSO) working with Mail Assure, see Configure OAuth/OpenID Connect Settings.
- Step 1 - Mail Assure Configuration
- Step 2 - Configure Azure Active Directory Settings
- Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel
- Step 4 - Configure Microsoft Details in Mail Assure
Step 1 - Mail Assure Configuration
- Log into your Mail Assure Control Panel using your branded URL (this is set up in the Hostname field in the Branding Management page; see Create a Custom Control Panel URL).
- In the Admin Level Control Panel, select Branding > Branding Management.
- Ensure that SSO/OAuth login for email users is enabled.
- Add the label text that will be displayed on the login button.
- Click Save.
- Navigate to the domain, by selecting General > Domains Overview and click on the relevant domain.
- Select Users & Permissions > OAuth Settings and make sure that OAuth login is toggled on.
- Copy the URL in the Login link field and keep a note of it for use in Step 2 - Configure Azure Active Directory Settings.
- Click Save settings.
Step 2 - Configure Azure Active Directory Settings
- Navigate to the Azure Control Panel and click on Azure Active Directory.
- From the Manage list, select App registrations and click on New application registration.
- Add a name in the Name field e.g. Spam Filter.
- Ensure Web app / API is selected from the Application type dropdown.
- In the Sign-on URL field, enter the URL for the branded Mail Assure Control Panel (this is the URL entered in the Hostname field in the Branding Management page in Mail Assure).
- Click Create.
- Click on Settings.
- In the Settings panel, click on Reply URLs and, in the field displayed, add the Login Link URL that you noted in Step 1 - Mail Assure Configuration.
- Next, you need to add a key: In the Settings panel, click on Keys and in the Keys panel, enter a Description e.g. Mail Assure and an expiry option e.g. Never expires.
- Click Save to display the key.
- Copy the key and save it somewhere safe.
- Keep your Azure Active Directory Control Panel open as you will need to return to this screen in Step 4 - Configure Microsoft Details in Mail Assure.
It is important that you save the key, as you will not be able to retrieve it again after leaving the Keys panel.
Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel
- In your browser, enter your onmicrosoft URL, e.g. https://login.microsoftonline.com/<your Onmicrosoft ID>/.well-known/openid-configuration.
- Copy the page content and format it in Notepad in preparation for finalizing the Mail Assure setup in Step 4 - Configure Microsoft Details in Mail Assure.
Step 4 - Configure Microsoft Details in Mail Assure
- In the Mail Assure Control Panel, return to the OAuth Settings page for the domain by selecting Users & Permissions > OAuth Settings.
- In the Provider URL field, enter the onmicrosoft URL without /.well-known/openid-configuration at the end. In the example shown in Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel above, this URL would look like:
- In the Client ID field, enter the Application ID from the Settings page shown in the Azure setup in Step 2 - Configure Azure Active Directory Settings.
- In the Client Secret field enter the key you retrieved and saved in Step 2 - Configure Azure Active Directory Settings.
- In the Token Endpoint, Authorization endpoint, User Info endpoint and Jwks URL fields, enter the respective URLs defined in the text retrieved from the Onmicrosoft URL in Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel.
- Optionally, enter a link where users can change their password in the Change password URL field, or add a specific logout URL in the Logout URL field.
- Ensure Use Nonce validation is ticked.
- In the User Identification section, ensure Unique name is selected as the Identification method.
- Click Save settings.
The login page for users on that domain will now display the new login button allowing authorization with O365.
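The copy-and-format work in Steps 3 and 4 can be checked with a short script. The following is an added example, not part of the Mail Assure or Microsoft documentation: it takes the discovery URL and the page content from Step 3, derives the Provider URL, maps the standard OpenID Connect discovery keys to the Step 4 field labels, and rejects any value that is missing or not an HTTPS URL. The function name, the tenant name and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"

# Mail Assure field label (Step 4) -> OpenID Connect discovery key (Step 3).
FIELD_MAP = {
    "Token Endpoint": "token_endpoint",
    "Authorization endpoint": "authorization_endpoint",
    "User Info endpoint": "userinfo_endpoint",
    "Jwks URL": "jwks_uri",
}

def mail_assure_fields(discovery_url, discovery_json):
    """Return the Step 4 field values taken from the Step 3 document."""
    if not discovery_url.endswith(SUFFIX):
        raise ValueError("not an OpenID discovery URL: " + discovery_url)
    doc = json.loads(discovery_json)
    # Provider URL is the discovery URL with the well-known suffix removed.
    fields = {"Provider URL": discovery_url[: -len(SUFFIX)]}
    for label, key in FIELD_MAP.items():
        value = doc.get(key)
        if not value:
            raise ValueError("discovery document has no " + key)
        fields[label] = value
    # These URLs carry tokens and signing keys, so refuse anything not HTTPS.
    for label, value in fields.items():
        parsed = urlparse(value)
        if parsed.scheme != "https" or not parsed.netloc:
            raise ValueError(label + " is not an HTTPS URL: " + value)
    return fields

# Constructed sample input: tenant name and paths are placeholders,
# not output captured from a real tenant.
BASE = "https://login.microsoftonline.com/example.onmicrosoft.com"
SAMPLE_URL = BASE + SUFFIX
SAMPLE_DOC = json.dumps({
    "authorization_endpoint": BASE + "/oauth2/authorize",
    "token_endpoint": BASE + "/oauth2/token",
    "userinfo_endpoint": BASE + "/openid/userinfo",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
})

if __name__ == "__main__":
    for label, value in mail_assure_fields(SAMPLE_URL, SAMPLE_DOC).items():
        print(label + ": " + value)
```

Replace the sample URL and document with your own discovery URL and the text copied in Step 3 to get the values to paste into the OAuth Settings page.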
Although we strive to provide the most up-to-date information, the instructions covered in the Microsoft configuration may change without our knowledge. To ensure you have the correct up-to-date information, please refer to Microsoft's website.