First, register the application in Azure.
More information about it can be found here
Create a new registration and give it a name.
Leave everything else at its default value except the redirect URI.
It should look like this:
Make sure that there is no extra trailing slash at the end of the URI, as it can cause an error. A second URI can be configured later.
These two URIs are required for administrative authentication and user login.
If SSO is not required for admins, that link does not have to be set.
The front-channel logout URL is optional.
Once this is done, copy the Tenant ID and the Client ID from Azure into your LUCY app under Settings → SSO Settings.
Create a Client Secret in Azure's Clients and Secrets section and paste the value into LUCY as well.
Starting from version 4.8, LUCY can import recipients from Azure AD and automatically synchronize a recipient group with your Active Directory. One of the requirements is OAuth 2.0 SSO configured according to the instructions above. The Active Directory settings can be found under Settings > Azure AD Settings.
Once SSO has been configured via the OAuth 2.0 protocol, copy the Tenant ID, Client ID, and Client Secret into Azure AD Settings.
Then navigate to Authentication in the Azure portal and add the following URI: https://lucyurl.com/oauth
LUCY can then import recipients and administrative users directly from your Active Directory service. The import functionality is the same for Azure AD as for LDAP (described here).
A dedicated article on the Azure AD import procedure can be found here: Azure AD Synchronization
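An added example (not part of LUCY or of the original page): a pre-flight check of the values copied in the steps above, flagging a redirect URI with a trailing slash and a Client Secret field that holds the GUID-shaped Secret ID instead of the secret Value. The function names and all sample values except https://lucyurl.com/oauth are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_redirect_uri(uri):
    """Return the problems found in one redirect URI (empty list = OK)."""
    problems = []
    if uri != uri.strip():
        problems.append("surrounding whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.netloc:
        problems.append("missing host")
    if parts.path.endswith("/"):
        problems.append("trailing slash")
    return problems

def check_config(tenant_id, client_id, client_secret, sent_uri, registered_uris):
    """Pre-flight check of the values copied between Azure and LUCY."""
    findings = []
    for name, value in (("Tenant ID", tenant_id), ("Client ID", client_id)):
        if not GUID.match(value.strip()):
            findings.append(f"{name}: not a GUID")
        elif value != value.strip():
            findings.append(f"{name}: surrounding whitespace")
    if not client_secret.strip():
        findings.append("Client Secret: empty")
    elif GUID.match(client_secret.strip()):
        # Azure lists a GUID-shaped Secret ID next to each secret Value.
        findings.append("Client Secret: looks like the Secret ID, not the Value")
    findings += [f"Redirect URI: {p}" for p in check_redirect_uri(sent_uri)]
    if sent_uri not in registered_uris:
        # Redirect URIs are compared as exact strings, so name the near miss.
        if any(sent_uri.rstrip("/") == r.rstrip("/") for r in registered_uris):
            findings.append("Redirect URI: differs from the registered one only by a trailing slash")
        else:
            findings.append("Redirect URI: not registered in Azure")
    return findings

if __name__ == "__main__":
    # Constructed sample values; only the URI comes from the page.
    for finding in check_config(
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "99999999-8888-7777-6666-555555555555",   # Secret ID pasted by mistake
        "https://lucyurl.com/oauth/",
        ["https://lucyurl.com/oauth"],
    ):
        print(finding)
```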