Configuration of OAuth 2.0 for Microsoft Azure
First of all, the application must be registered in Azure.
More information about app registration can be found here.
The first step is to go to App Registrations in the Azure portal.
Create a new registration and give it a name.
Leave all other settings at their defaults except the redirect URI.
It should look like this:
https://lucyurl.com/oauth/admin
https://lucyurl.com/oauth/user
Make sure there is no extra trailing slash at the end of the URI; it can cause an error.
The second URI can be configured later.
These two URIs are required for administrative authentication and user login respectively.
If SSO is not required for admins, the admin link can be left unset.
To use OAuth for SSO with the end user portal, the portal must be hosted on the same domain as your admin. For example, a redirect URI such as https://enduserportal.com/oauth/user cannot be added; the authentication request will fail. Subdomains of the admin domain may be used, provided your DNS is configured for them.
The front-channel logout URL is optional.
Once this is done, copy the Tenant ID and Client ID from Azure into your LUCY app under Settings → SSO Settings.
Create a client secret in the Certificates & secrets section of Azure and paste the secret VALUE into LUCY as well.
Do not forget to add the second redirect URI (if required); this can be done in the Authentication section.
Azure SMTP Settings
To use an external SMTP server via Azure you will first need to add the redirect URI in the Authentication section of the App that you registered. This URI is required for SMTP authentication. It should look like this:
https://lucyurl.com/smtp/oauth
Make sure there is no extra trailing slash at the end of the URI; it can cause an error.
After that, go to Settings > SMTP Servers in LUCY.
To use an external SMTP server, add your mail server by clicking the "Add mail server" button:
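Both the SSO and SMTP sections above warn about the same two mistakes: a trailing slash on the redirect URI and a host outside the admin domain. The following is an added pre-flight check written for this article, not part of LUCY or Azure; it assumes the four redirect paths shown on this page (/oauth/admin, /oauth/user, /smtp/oauth and /oauth) and that the admin hostname is known.

```python
from urllib.parse import urlsplit

# Redirect paths this article configures in Azure (taken from the article, assumed complete).
LUCY_REDIRECT_PATHS = {
    "/oauth/admin",  # admin SSO
    "/oauth/user",   # end user portal SSO
    "/smtp/oauth",   # SMTP OAuth2 (Office 365)
    "/oauth",        # Azure AD recipient import
}


def check_redirect_uri(uri: str, admin_host: str) -> list[str]:
    """Return the problems found with a candidate redirect URI.

    An empty list means the URI satisfies the rules stated in the article:
    https scheme, admin domain or a subdomain of it, one of the known LUCY
    paths, and no trailing slash.
    """
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    host = (parts.hostname or "").lower()
    admin = admin_host.lower()
    if host != admin and not host.endswith("." + admin):
        problems.append(f"host {host!r} is not the admin domain {admin!r} or a subdomain of it")
    if parts.path.endswith("/"):
        problems.append("trailing slash at the end of the URI")
    elif parts.path not in LUCY_REDIRECT_PATHS:
        problems.append(f"path {parts.path!r} is not one of the LUCY redirect paths")
    if parts.query or parts.fragment:
        problems.append("query string or fragment is not expected in a redirect URI")
    return problems


if __name__ == "__main__":
    # Constructed candidates, including the two mistakes the article calls out.
    candidates = [
        "https://lucyurl.com/oauth/admin",
        "https://portal.lucyurl.com/oauth/user",
        "https://lucyurl.com/smtp/oauth/",
        "https://enduserportal.com/oauth/user",
    ]
    for candidate in candidates:
        result = check_redirect_uri(candidate, "lucyurl.com")
        print(candidate, "->", "OK" if not result else "; ".join(result))
```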
Enter the mail server details:
Host: smtp.office365.com
Port: 587
Encryption: STARTTLS
Authentication Method: OAuth2
Provider: Office 365
Copy Client ID, Client Secret Value, Tenant ID from Azure to LUCY.
After saving the configuration, you can test the connection to the external SMTP server using the tool on the same page: enter the Sender and Recipient addresses and press the Test button. If everything is fine, you will see the message "Success, please see the output". If something is wrong, you will see the message "Error, please see the output". The Console Output shows a short description of the issue and the log of the SMTP session:
More information on SMTP error codes can be found here.
Azure AD Settings
Starting from version 4.8, LUCY allows you to import recipients from Azure AD and can automatically synchronize a recipient group with your Active Directory.
Active Directory settings can be found under Settings > Azure AD Settings.
Once SSO has been configured via the OAuth 2.0 protocol, copy the Tenant ID, Client ID and client secret into Azure AD Settings.
Then navigate to Authentication in the Azure portal and add the following URI: https://lucyurl.com/oauth
LUCY can therefore import recipients and administrative users directly from your Active Directory service. The import functionality is the same for Azure AD as for LDAP (described here).
A dedicated article on Azure AD import procedure can be found here: Azure AD Synchronization