User Tools

Site Tools


Sidebar

LUCY MANUAL Applies to LUCY versions above 4.7

microsoft_azure_oauth_2_0

Configuration of OAuth 2.0 for Microsoft Azure

First of all, it is necessary to register the application.
More information about it can be taken from here

However, the first step is to go to App Registrations.

Create a new Registration, name it.
Leave everything else by default except the redirect URI.

It should look like this:
https://lucyurl.com/oauth/admin
https://lucyurl.com/oauth/user
Make sure that there is no extra trailing slash in the end of the URI, it can cause an error. It is possible to configure the second URI later.

These two URIs are required for administrative authentication and user login.
If SSO is not required for Admins, it is possible not to set the link.

The front-channel logout URL is optional.

As soon as done, please copy Tenant ID and Client ID into your LUCY app.
Settings → SSO Settings.

Copy Tenant ID and the Client ID from Azure to LUCY.

Create Client Secret in Azure's Clients and Secrets section, paste the value into LUCY as well.

Do not forget to add the second Redirect URI (If required).
It can be done in the Authentication section.

Azure AD Settings

Starting from 4.8, LUCY allows to import recipients from Azure AD and provides a possibility to automatically synchronize a recipient group with your Active Directory. One of the requirements is an OAuth 2.0 SSO configured according to the instruction from above. Active Directory settings can be found under Settings > Azure AD Settings.

As soon as the SSO has been configured via OAuth 2.0 protocol, just copy the Tenant ID, Client ID, and Secrets section into Azure AD Settings.

Then navigate to Authentication on Azure portal and add the following URI: https://lucyurl.com/oauth

Therefore Lucy allows you to import recipients and administrative users directly from your Active Directory service. Importing functionality is the same for Azure AD as for LDAP (described here)

A dedicated article on Azure AD import procedure can be found here: Azure AD Synchronization

microsoft_azure_oauth_2_0.txt · Last modified: 2021/05/07 13:44 by lucy