====== Azure AD configuration ======

//Important: in order to authenticate through Azure AD you need to have Mail Gateway version [[https://builds.lundalogik.com/api/v1/builds/mail-gateway/versions/latest/file|2.1.13.0 or later]]//

Follow these steps to configure authentication for Mail Gateway against Azure AD:

  - Navigate to the Azure Active Directory Admin Center and select //App registrations//.
  - Select **New registration**.
  - On the first page specify:
    * A display name for the application, e.g. //Lime CRM Mail Gateway//.
    * That the application is for your own tenant only.
    * For //Redirect URI// select **Public client** and set ''https://login.microsoftonline.com/common/oauth2/nativeclient'' as the URI.
  - For the newly created application registration, go to //Authentication// and enable **Allow public client flows**. \\ {{:addons:mail-gateway:screen_shot_2021-05-18_at_11.17.37.png?400|}}
  - Configure API permissions:
    - Go to //API permissions// and select //Add a permission//.
    - Select //Office 365 Exchange Online// from the //APIs my organization uses// section.
    - After choosing "Delegated permissions", check the EWS > ''EWS.AccessAsUser.All'' permission and click **Save**.
    - Click **Grant admin consent**.
  - Go to the //Overview// page and make a note of the following identifiers that you need for the ''[[addons:mail-gateway:configuration#mailbox|mailbox]]'' elements in the Mail Gateway configuration file:
    * Application (client) ID
    * Directory (tenant) ID

A sample of how the configuration should look can be found ''[[addons:mail-gateway:configuration#sample-configuration|here]]''. The actual configuration file can be opened either through the ''Mail Gateway Configurator'' software or directly as the file ''MailGateway.Service.exe.config'' in the installation folder, typically ''C:\Program Files (x86)\Lundalogik\LIME Pro Mail Gateway''.
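
One way to check that a registration still matches the steps above, as an added example that is not part of the original page or of Lime's own tooling: the function audits an application object in the shape Microsoft Graph returns it (for example exported with ''az ad app show'') and reports anything that differs from this page. The two well-known GUIDs and the sample objects are assumptions or constructed values, as marked in the comments.

```python
# Well-known IDs, stated here as assumptions: confirm them in your own tenant.
EXCHANGE_ONLINE = "00000002-0000-0ff1-ce00-000000000000"  # Office 365 Exchange Online
EWS_SCOPE_ID = "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5"     # delegated EWS.AccessAsUser.All
NATIVE_REDIRECT = "https://login.microsoftonline.com/common/oauth2/nativeclient"


def audit_registration(app):
    """Return deviations from the registration this page describes."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not limited to own tenant")
    if app.get("isFallbackPublicClient") is not True:
        findings.append("public client flows not enabled")
    uris = (app.get("publicClient") or {}).get("redirectUris") or []
    if NATIVE_REDIRECT not in uris:
        findings.append("native-client redirect URI missing")
    requested = {
        (res.get("resourceAppId"), acc.get("id"), acc.get("type"))
        for res in app.get("requiredResourceAccess") or []
        for acc in res.get("resourceAccess") or []
    }
    wanted = (EXCHANGE_ONLINE, EWS_SCOPE_ID, "Scope")  # "Scope" = delegated
    if wanted not in requested:
        findings.append("EWS.AccessAsUser.All delegated permission missing")
    for api, perm, kind in sorted(requested - {wanted}, key=str):
        findings.append(f"permission not listed on this page: {api}/{perm} ({kind})")
    return findings


# Constructed sample objects, not real tenant data.
EXPECTED = {
    "signInAudience": "AzureADMyOrg",
    "isFallbackPublicClient": True,
    "publicClient": {"redirectUris": [NATIVE_REDIRECT]},
    "requiredResourceAccess": [
        {"resourceAppId": EXCHANGE_ONLINE,
         "resourceAccess": [{"id": EWS_SCOPE_ID, "type": "Scope"}]},
    ],
}
DRIFTED = dict(
    EXPECTED,
    signInAudience="AzureADMultipleOrgs",
    isFallbackPublicClient=False,
    requiredResourceAccess=EXPECTED["requiredResourceAccess"] + [
        {"resourceAppId": "00000000-0000-0000-0000-000000000000",  # placeholder API
         "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]},
    ],
)

if __name__ == "__main__":
    for name, app in (("expected", EXPECTED), ("drifted", DRIFTED)):
        print(name, audit_registration(app) or "matches the steps above")
```

Any permission the registration requests besides ''EWS.AccessAsUser.All'' is reported as not listed on this page, so review those entries rather than treating each as an error.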