Spam Experts Help

Configure SSO/OAuth with Office 365

For general information on OAuth and how you can get your Single Sign On (SSO) with working with Spam Experts, see Configure OAuth/OpenID Connect Settings.

Step 1 - Spam Experts Configuration

  1. Log into your Spam Experts Control Panel using your branded URL (this is set up in the Hostname field in the Branding Management page. See Create a Custom Control Panel URL).
  2. In the Admin Level Control Panel, select Branding > Branding Management.
  3. Ensure that SSO/OAuth login for email users is enabled.
  4. Add the label text that will be displayed on the login button.
  5. Click Save.
  6. Navigate to the domain, by selecting General > Domains Overview and click on the relevant domain.
  7. Select Users & Permissions > OAuth Settings and make sure that OAuth login is toggled on.
  8. Copy the url in the Login link field and keep a note of this for using in Step 2 - Configure Azure Active Directory Settings.
  9. Click Save settings.

Step 2 - Configure Azure Active Directory Settings

  1. Login to the Azure Portal and navigate to the Azure Active Directory:
  2. From there, select App registrations and create a New registration:
  3. When adding the New Registration, be sure to fill in the sections as follows:
    • Name: The display name for the app registration e.g. Spam Experts SSO
    • Scope: As required, but we recommend Accounts in this organizational directory only
    • Redirect URI: This should be in the form: https://<replacewith.branded.fqdn>/rest/auth/openid/authorize/mailbox
  4. Click Register
  5. Select Overview and take a note of these two ID's as you will need them later:
    • Application (client) ID
    • Directory (tenant) ID

  6. Click on Certificates & Secrets and generate the "Client Secret" by clicking New client secret and selecting a validity period and display name for the key

    It is important that you do save the key now as it will not be visible once the page is refreshed.

  7. Keep your Azure Active Directory open as you will need to return to this screen in Step 3 - Configure Microsoft Details in Spam Experts.

Step 3 - Configure Microsoft Details in Spam Experts

  1. In the Spam Experts Control Panel, return to the OAuth Settings page for the domain by selecting Users & Permissions > OAuth Settings.
  2. The fields should be filled in as below:
    • Login link: https://<yourbrandedhostname>/rest/auth/openid/authorize/mailbox
    • Provider URL: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>
    • Client ID: <<<Application (client) ID>>>
    • Client secret: xxxxxxxxxxxxxxxxxxxxxxxxx - This is generated in the "Certificates & secrets" section of Azure AD.
    • Token Endpoint: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>/oauth2/token
    • Auth Endpoint: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>/oauth2/authorize
    • User info: https://login.microsoftonline.com/<<<Directory (tenant) ID>>>/openid/userinfo
    • Jwks URL: https://login.microsoftonline.com/common/discovery/keys
    • Use NONCE: yes
    • ID Method: Unique name
  3. Click Save settings.

Although we strive to provide the most up-to-date information, the instructions covered in the Microsoft configuration may change without our knowledge. To ensure you have the correct up-to-date information, please refer to Microsoft's website.

If you have any issues relating to SSO configuration or logging in with SSO, please contact support .