Azure AD configuration

Important: in order to authenticate through Azure AD you need to have Mail Gateway version 2.1.13.0 or later

Follow these steps to configure authentication for Mail Gateway against Azure AD:

1. Navigate to the Azure Active Directory Admin Center and select App registrations.
2. Select New registration.
3. On the first page specify:
   • A display name for the application, e.g. Lime CRM Mail Gateway.
   • That the application is for your own tenant only.
   • For Redirect URI select Public client and set https://login.microsoftonline.com/common/oauth2/nativeclient as the URI.
4. For the newly created application registration, go to Authentication and enable Allow public client flows.
   
5. Configure API permissions:
   1. Go to API permissions and select Add a permission.
   2. Select Office 365 Exchange Online from the APIs my organization uses section.
   3. After choosing “Delegated permissions”, check the EWS > EWS.AccessAsUser.All permission and click Save.
   4. click Grant admin consent.
6. Go to the Overview page and make a note of the following identifiers that you need for the mailbox elements in the Mail Gateway configuration file:
   • Application (client) ID
   • Directory (tenant) ID

A sample of how the configuration should look can be found here and the actual configuration file can be found either through the software Mail Gateway Configurator or the file MailGateway.Service.exe.config found in the installation folder, typically C:\Program Files (x86)\Lundalogik\LIME Pro Mail Gateway