Objectives
- Email Engine (Office 365) configuration
Steps
Method 1:
If you don’t want to create an application in the Azure Portal or use an existing application at your end, you can contact our support team and share your application URL with them.
Use this method when you want the LEXZUR Team to manage and maintain the application in the Azure Portal.
Method 2:
1. Open: https://portal.azure.com/
2. Click the “Azure Active Directory” link, click “App registrations” in the left menu, then click “New registration”.
3. Enter the name you want for the application and, under the supported account types, select the third choice: Accounts in any organizational directory and personal Microsoft accounts.
4. For the redirect URI, choose “Web” from “Select a platform”, enter your LEXZUR system URL with “api/v2/core/user_authorization_callback” added at the end, then click Register. Example URL:
a. https://myServer/app4legal/api/v2/core/user_authorization_callback
b. You can update the redirect URLs later from “Authentication” in the left menu.
5. You will now get the “Application (client) ID”. Copy it to a notepad, as we will use it later.
6. From the left menu click “Certificates & secrets”, then “New client secret”. Enter a description for the key and set the expiry date to the maximum number of months available.
After creation you must copy the secret value immediately, as it will not appear again. Copy it from the column labeled “Value”, not “Secret ID”.
7. Put the “Client ID” and “Client Secret” we copied into the LEXZUR folder: open “application/config/integrations.json” and, in the "MS-OfficeMail-365" entry, fill in “clientId” and “clientSecret” with those values.
8. Note that the “Branding and properties” option in the left menu lets you change the name, upload a logo and edit other information related to the application.
9. Add the permissions for the application: click “API permissions” in the left menu, click “Add a permission”, then click “Microsoft Graph” -> “Delegated permissions”, select the permissions below and click “Add permission”:
a. The 4 permissions under “OpenId”
b. “Mail.ReadWrite” and “Mail.Send” under “Mail” permission.
c. “User.Read” under “User” permission.
d. “MailboxSettings.ReadWrite” under “MailboxSettings”.
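As an added example (not LEXZUR's own code), the Python sketch below checks the values entered in steps 4 to 9: the client ID format, a “Secret ID” pasted in place of the secret “Value”, the redirect URI suffix, and the Graph permissions actually granted. It assumes that integrations.json holds a top-level "MS-OfficeMail-365" object with “clientId” and “clientSecret” keys, as step 7 suggests; the function names and sample values are constructed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
CALLBACK = "api/v2/core/user_authorization_callback"  # path suffix from step 4
# Graph delegated permissions from steps 9b-9d
GRAPH_SCOPES = {"Mail.ReadWrite", "Mail.Send", "User.Read", "MailboxSettings.ReadWrite"}


def check_config(integrations: dict, redirect_uri: str) -> list:
    """Return a list of problems found in the values entered in steps 4-7."""
    problems = []
    entry = integrations.get("MS-OfficeMail-365") or {}  # assumed file layout
    client_id = str(entry.get("clientId", "")).strip()
    secret = str(entry.get("clientSecret", "")).strip()
    if not GUID.match(client_id):
        problems.append("clientId is not a GUID (expected the Application (client) ID)")
    if not secret:
        problems.append("clientSecret is empty")
    elif GUID.match(secret):
        # The "Secret ID" column is a GUID; the "Value" column is not.
        problems.append("clientSecret looks like the Secret ID, not the Value")
    url = urlsplit(redirect_uri)
    if url.scheme != "https" or not url.netloc:
        problems.append("redirect URI should be an absolute https URL")
    if not url.path.endswith("/" + CALLBACK) or url.query or url.fragment:
        problems.append("redirect URI must end with " + CALLBACK)
    return problems


def missing_scopes(granted: str) -> set:
    """Compare a space-separated scope string (as returned with a token)
    against the Graph permissions selected in step 9."""
    # Scopes may carry a resource prefix such as https://graph.microsoft.com/
    have = {s.rsplit("/", 1)[-1].lower() for s in granted.split()}
    return {s for s in GRAPH_SCOPES if s.lower() not in have}


if __name__ == "__main__":
    sample = {"MS-OfficeMail-365": {  # constructed values, not real credentials
        "clientId": "00000000-0000-4000-8000-000000000001",
        "clientSecret": "11111111-2222-4333-8444-555555555555"}}
    print(check_config(sample, "https://myServer/app4legal/" + CALLBACK))
    print(missing_scopes("openid profile https://graph.microsoft.com/Mail.Send User.Read"))
```

An empty list from `check_config` and an empty set from `missing_scopes` mean the entered values and granted permissions match what the steps above describe.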
Important Note:
If the user is not able to grant permissions to the application on the user consent screen and gets a “Need admin approval” screen instead, the Azure admin must follow one of the methods below:
First Method: User Consent Settings
Open the "Azure Portal", go to "Enterprise Applications" then "Consent and permissions" and open "User consent settings".
Here you can select the option “Allow user consent for apps”.
Second Method: Admin consent request
If you don’t want to allow users to consent to the application as in the first method, you can let them request admin approval instead. To activate this option, go to Azure Active Directory > Enterprise applications > Consent and permissions > Admin consent settings.
Then, under “Admin consent requests”, select Yes for “Users can request admin consent to apps they are unable to consent to”, select the user who will receive the requests for review and acceptance, and select Yes to receive an email notification.
After this, when a user tries to integrate their own email from LEXZUR, they will get an option to send an approval request to the admin. The admin should approve this request so that the user can start the integration again without any issues.
Third Method: Grant tenant-wide admin consent in Enterprise apps (LEXZUR App that is created and managed by LEXZUR Team)
To grant tenant-wide admin consent to an app listed in Enterprise applications:
1. Sign in to the Azure portal with one of the roles listed in the prerequisites section.
2. Select Azure Active Directory, and then select Enterprise applications.
3. Search for the LEXZUR App using the Application Id “21e7e0d8-bedf-4a60-a5eb-fd0ae1571d36”, select the application to which you want to grant tenant-wide admin consent, and then select Permissions.
4. Carefully review the permissions that the application requires. If you agree with the permissions the application requires, select Grant admin consent.
References:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?pivots=portal
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow
https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal
For more information about LEXZUR, kindly reach out to us at help@lexzur.com.
Thank you!