Configuration of OAuth 2.0 for Microsoft Azure

First, register the application in Azure.
More information about this is available here.

To begin, go to App Registrations.

Create a new registration and give it a name.
Leave everything else at its default except the redirect URI.

It should look like this:
https://lucyurl.com/oauth/admin
https://lucyurl.com/oauth/user
Make sure that there is no trailing slash at the end of the URI, as it can cause an error. The second URI can be configured later.

These two URIs are required for administrative authentication and user login.
If SSO is not required for admins, the corresponding URI can be left unset.

The front-channel logout URL is optional.

Once that is done, copy the Tenant ID and the Client ID from Azure into your LUCY app under Settings → SSO Settings.

Create a Client Secret in Azure's Clients and Secrets section and paste its VALUE into LUCY as well.

Do not forget to add the second Redirect URI (if required).
This can be done in the Authentication section.

Azure SMTP Settings

To use an external SMTP server via Azure you will first need to add the redirect URI in the Authentication section of the App that you registered. This URI is required for SMTP authentication. It should look like this:
https://lucyurl.com/smtp/oauth
Make sure that there is no trailing slash at the end of the URI, as it can cause an error.

After that, go to the Settings / SMTP servers section in LUCY.

To use an external SMTP server you need to add your mail server by clicking the "add mail server" button:

Enter the mail server details:
Host: smtp.office365.com
Port: 587
Encryption: STARTTLS
Authentication Method: OAuth2
Provider: Office 365
Copy Client ID, Client Secret Value, Tenant ID from Azure to LUCY.

After saving the configuration, you can test the connection to the external SMTP server using the tool on the same page: enter the Sender and Recipient addresses and press the Test button. If the test succeeds, you will see the message "Success, please see the output". If something is wrong, you will see the message "Error, please see the output". The Console Output shows a short description of the issue and a log of the SMTP session.

More information regarding SMTP error codes can be found here.

Azure AD Settings

Starting from version 4.8, LUCY can import recipients from Azure AD and automatically synchronize a recipient group with your Active Directory.
The Active Directory settings can be found under Settings > Azure AD Settings.

Once SSO has been configured via the OAuth 2.0 protocol, copy the Tenant ID, the Client ID, and the secret from the Secrets section into Azure AD Settings.

Then navigate to Authentication in the Azure portal and add the following URI: https://lucyurl.com/oauth

LUCY can then import recipients and administrative users directly from your Active Directory service. The import functionality is the same for Azure AD as for LDAP (described here).

A dedicated article on Azure AD import procedure can be found here: Azure AD Synchronization
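
The redirect URIs named in the SSO, SMTP and Azure AD sections above can be checked against what was actually entered in Azure before testing a login. The following is an added example, not part of LUCY or of the original page; it assumes an exact string comparison (the strictest reading of the trailing-slash warning), and the function names, feature keys and sample list are hypothetical.

```python
from urllib.parse import urlsplit

# Redirect paths listed on this page, keyed by the LUCY feature that needs them.
# The key names are hypothetical labels chosen for this example.
LUCY_REDIRECT_PATHS = {
    "admin_sso": "/oauth/admin",
    "user_sso": "/oauth/user",
    "smtp_oauth": "/smtp/oauth",
    "azure_ad_import": "/oauth",
}

def diagnose(expected, candidate):
    """Return why `candidate` is a near miss of `expected`, or None if unrelated."""
    exp, cand = urlsplit(expected), urlsplit(candidate)
    if (cand.netloc.lower(), cand.path.rstrip("/").lower()) != (exp.netloc.lower(), exp.path.lower()):
        return None
    reasons = []
    if cand.scheme != exp.scheme:
        reasons.append(f"scheme is {cand.scheme!r}, expected {exp.scheme!r}")
    if cand.path.endswith("/"):
        reasons.append("trailing slash")
    if cand.path.rstrip("/") != exp.path:
        reasons.append("path letter case differs")
    return "; ".join(reasons) or "differs only in host case, query or fragment"

def audit_redirect_uris(base_url, registered, features):
    """Map each feature to 'ok', 'missing', or a near-miss description."""
    origin = base_url.rstrip("/")
    registered = [u.strip() for u in registered]
    report = {}
    for feature in features:
        expected = origin + LUCY_REDIRECT_PATHS[feature]
        if expected in registered:
            report[feature] = "ok"
            continue
        # Not an exact match: look for entries that are almost right.
        hints = [f"{u} ({why})" for u in registered if (why := diagnose(expected, u))]
        report[feature] = "near miss: " + ", ".join(hints) if hints else "missing"
    return report

# Constructed sample: URIs as an administrator might have typed them into Azure.
SAMPLE_REGISTERED = [
    "https://lucyurl.com/oauth/user",
    "https://lucyurl.com/oauth/admin/",  # trailing slash
    "https://lucyurl.com/smtp/OAuth",    # wrong letter case in the path
]

if __name__ == "__main__":
    for feature, status in audit_redirect_uris(
            "https://lucyurl.com", SAMPLE_REGISTERED, LUCY_REDIRECT_PATHS).items():
        print(f"{feature:16} {status}")
```

Pass only the features in use as the third argument, for example omitting `admin_sso` when SSO is not required for admins.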

microsoft_azure_oauth_2_0.txt · Last modified: 2021/12/06 15:23 by lucy