Mail Assure Help

Configure SSO/OAuth with Office 365

For general information on OAuth and how to get Single Sign On (SSO) working with Mail Assure, see Configure OAuth/OpenID Connect Settings.

Step 1 - Mail Assure Configuration

  1. Log into your Mail Assure Control Panel using your branded URL (this is set up in the Hostname field in the Branding Management page. See Create a Custom Control Panel URL).
  2. In the Admin Level Control Panel, select Branding > Branding Management.
  3. Ensure that SSO/OAuth login for email users is enabled.
  4. Add the label text that will be displayed on the login button.
  5. Click Save.
  6. Navigate to the domain by selecting General > Domains Overview and clicking on the relevant domain.
  7. Select Users & Permissions > OAuth Settings and make sure that OAuth login is toggled on.
  8. Copy the URL in the Login link field and keep a note of it for use in Step 2 - Configure Azure Active Directory Settings.
  9. Click Save settings.

Step 2 - Configure Azure Active Directory Settings

  1. Navigate to the Azure Control Panel and click on Azure Active Directory.
  2. From the Manage list select App registrations and click on New application registration.
  3. Add a name in the Name field e.g. Spam Filter.
  4. Ensure Web app / API is selected from the Application type dropdown.
  5. In the Sign-on URL field, enter the URL for the branded Mail Assure Control Panel (this is the URL entered in the Hostname field in the Branding Management page in Mail Assure).
  6. Click Create.
  7. Click on Settings.
  8. In the Settings panel, click on Reply URLs and, in the field displayed, add the Login Link URL that you noted in Step 1 - Mail Assure Configuration.
  9. Next, you need to add a key: In the Settings panel, click on Keys and in the Keys panel, enter a Description e.g. Mail Assure and an expiry option e.g. Never expires.
  10. Click Save to display the key.
  11. Copy the key and save it somewhere safe. It is important that you save the key, as you will not be able to retrieve it again after leaving the Keys panel.
  12. Keep your Azure Active Directory Control Panel open as you will need to return to this screen in Step 4 - Configure Microsoft Details in Mail Assure.

Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel

  1. In your browser, enter your onmicrosoft URL, which has the form https://login.microsoftonline.com/<your Onmicrosoft ID>/.well-known/openid-configuration. For example:

    https://login.microsoftonline.com/myid.onmicrosoft.com/.well-known/openid-configuration

  2. Copy the page content and format it in Notepad in preparation for finalizing the Mail Assure setup in Step 4 - Configure Microsoft Details in Mail Assure.

Step 4 - Configure Microsoft Details in Mail Assure

  1. In the Mail Assure Control Panel, return to the OAuth Settings page for the domain by selecting Users & Permissions > OAuth Settings.
  2. In the Provider URL field, enter the onmicrosoft URL without /.well-known/openid-configuration at the end. In the example shown in Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel above, this URL would look like:

    https://login.microsoftonline.com/myid.onmicrosoft.com/

  3. In the Client ID field enter the Application ID from the Settings page shown in the Azure setup in Step 2 - Configure Azure Active Directory Settings.
  4. In the Client Secret field enter the key you retrieved and saved in Step 2 - Configure Azure Active Directory Settings.
  5. In the Token Endpoint, Authorization endpoint, User Info endpoint and Jwks URL fields, enter the respective URLs defined in the text retrieved from the Onmicrosoft URL in Step 3 - Retrieve Onmicrosoft Account Details for Addition to Mail Assure Control Panel.
  6. Optionally, enter a link where users can change their password in the Change password URL field, or add a specific logout URL in the Logout URL field.
  7. Ensure Use Nonce validation is ticked.
  8. In the User Identification section, ensure Verified Email is selected as the Identification method.
  9. Click Save settings.

The login page for users on that domain will now display the new login button allowing authorization with O365.
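
The mapping from the discovery document in Step 3 to the OAuth Settings fields in Step 4 can be scripted instead of copied by hand. The following is an added example, not part of the Mail Assure or Microsoft documentation: it derives the Provider URL, picks the four endpoint values out of the JSON, rejects any that are missing or not HTTPS, and lists any that sit on a different host than the discovery URL. The sample document is constructed (placeholder tenant path and endpoint paths), and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Mail Assure OAuth Settings field -> key in the OpenID discovery document
FIELD_MAP = {
    "Token Endpoint": "token_endpoint",
    "Authorization endpoint": "authorization_endpoint",
    "User Info endpoint": "userinfo_endpoint",
    "Jwks URL": "jwks_uri",
}

def provider_url(discovery_url):
    """Provider URL = discovery URL without the well-known suffix (Step 4)."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID discovery URL: " + discovery_url)
    return discovery_url[: -len(WELL_KNOWN)] + "/"

def oauth_fields(discovery_url, discovery_json):
    """Return (fields, warnings) for the OAuth Settings page."""
    doc = json.loads(discovery_json)
    expected_host = urlsplit(discovery_url).hostname
    fields = {"Provider URL": provider_url(discovery_url)}
    warnings = []
    for label, key in FIELD_MAP.items():
        value = doc.get(key)
        if not value:
            raise ValueError("discovery document has no " + key)
        parts = urlsplit(value)
        if parts.scheme != "https":
            raise ValueError(label + " is not an HTTPS URL: " + value)
        if parts.hostname != expected_host:
            # Not necessarily wrong, but worth a manual look before saving.
            warnings.append(label + " is on a different host: " + parts.hostname)
        fields[label] = value
    return fields, warnings

# Constructed sample input (placeholder tenant and paths, not real output).
SAMPLE_URL = "https://login.microsoftonline.com/myid.onmicrosoft.com" + WELL_KNOWN
BASE = "https://login.microsoftonline.com/TENANT-PLACEHOLDER"
SAMPLE_JSON = json.dumps({
    "token_endpoint": BASE + "/oauth2/token",
    "authorization_endpoint": BASE + "/oauth2/authorize",
    "userinfo_endpoint": BASE + "/openid/userinfo",
    "jwks_uri": BASE + "/discovery/keys",
})

if __name__ == "__main__":
    print(json.dumps(oauth_fields(SAMPLE_URL, SAMPLE_JSON), indent=2))
```

To use it with a real tenant, pass your own discovery URL and the page content saved in Step 3 to oauth_fields.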

Although we strive to provide the most up-to-date information, the instructions covered in the Microsoft configuration may change without our knowledge. To ensure you have the correct up-to-date information, please refer to Microsoft's website.