Getting Started with Microsoft O365 (Admin Setup for Federated Email)

Registering BOLD Email Integration as an App in Microsoft 365 enables BOLD to authenticate to your Microsoft 365 tenant on behalf of BOLD users using their user account. By default, a newly registered App won't have any Permissions, so you'll also need to assign appropriate roles to the application to enable BOLD Email Integration to sync Microsoft 365 mailboxes and send emails.

 

CHAPTERS

Admin Setup
    Register the App
    Create Client Secret
    Copy the Application ID

    Add API Permissions
    Setup to Configure Web Application Authentication
Create User Groups
Add a new Group to the Application
References
    Outlook Service Limits

 

Admin Setup

 

Register the App

  1. Log into the Office 365 portal
    1. Link to the Office 365 portal

      mceclip0.png

  2. Click on Azure Active Directory
  3. Click on Overview

    mceclip1.png

  4. Click on the Add button

    mceclip32.png

  5. Click on App registration

    mceclip3.png

  6. Enter a name for the application, in the Name field
    1. Suggested to use: Bold_Email_Integration
      Note: We recommend not to include any spaces and use underscores instead.
  7. Select the Accounts in any organizational directory (Any Azure AD directory - Multitenant) option
  8. Click on the Register button

    mceclip0.png

    A prompt will appear in the upper right corner, showing it was successful.

    mceclip34.png

 

Create Client Secret

  1. Click on the Certificates & secrets section
    1. Copy the Application (client) ID since it will be used in a later step.
      Adding the Application (client) ID

      mceclip0.png

  2. Click on the Client secrets section
  3. Click on the New client secret button
    Note: After creation be sure to save the client secret as it will only be available for a short time.
    This and the application (ClientId) will need to be configured in Utilities in a later step

    mceclip35.png

  4. Enter a name in the Description field
  5. Select the expiration from the Expires drop down field.
    1. We recommend selecting 24 months.

      mceclip36.png

  6. Click on the Add button

    mceclip37.png

    A prompt will appear in the upper right corner, showing it was successful.

    mceclip38.png

  7. The Secret Value field will only be displayed on this screen.  Once you navigate to another area, the Secret Value will never be displayed again.

    mceclip2.png

  8. Hover the mouse to the new Paper image icon

    mceclip3.png

  9. Click on the Copy to clipboard link

    mceclip4.png

  10. Paste the value of the Secret Value, in a location to be used for later set up.
    Note: The Secret Value must be copied here since it will not be displayed again.

    mceclip5.png

    Example of Secret Value no longer being displayed.

    mceclip6.png

 

 

Copy the Application ID

Copy the Application (client) ID and Client credentials to add into AviontéBOLD.

  1. Click on Overview

    mceclip0.png

  2. Hover over the Application (client) ID field.
    A Paper image icon will show

    mceclip0.png

  3. Hover the mouse to the new Paper image icon

    mceclip1.png

  4. Click on the Copy to clipboard link

    mceclip2.png

  5. Paste the value of the Application ID, in a location to be used for later set up.
    Inputting the Application ID and Client secret

 

 

Add API Permissions

  1. Click on the API Permissions section
  2. Click on the Add a Permission button

    mceclip42.png

  3. Click on the Microsoft Graph tile

    mceclip3.png

  4. Click on the Delegated Permissions tile

    mceclip4.png

  5. Select the following options from the Sections:

    mceclip5.png

  6. Add the following Permissions, by clicking the checkboxes:

    Details for API/Permissions

    Located in Section API / Permission Name Type Description Admin Consent required
    OpenId Permissions openid Delegated

    Sign in and read user profile

    No
    Mail Mail.Read Delegated Read user mail No
    Mail Mail.Send Delegated Sign users in No
    User User.Read Delegated Send mail as a user No
  7. Click on the Add Permissions button

    mceclip6.png

  8. A prompt will appear in the upper right corner, showing it was successful.

    mceclip7.png

  9. Ensure that all the APIs/Permissions are listed:
    Details of the APIs/Permissions

    Ensure that all the APIs:Permissions are listed.png

  10. Click on the Grant admin consent for xtmxt button
    Note: Replace "xtmxt" with "Your Tenant Name"
    1. This option may be grayed out (unavailable), without the proper Permissions.
      Microsoft on Azure AD roles

      Grant admin consent for xtmxt.png


      A prompt will appear in the upper right corner, showing it was successful.

      mceclip13.png

  11. Notice the status is updated to Granted for xtmxt
    Note: "xtmxt" is just an example name and will be different than yours.
    Granted for xtmxt.png

Setup to Configure Web Application Authentication

  1. Click on the Authentication section
  2. Click on the Add a platform button

    mceclip43.png

  3. Click on the Web tile

    mceclip44.png

  4. Enter the following link into the Redirect URIs field
    1. Replace clientname with your company's subdomain
      1. https://clientname.myavionte.com/sonar/api/oauth2/CallbackFederatedAuthTokenSend

        Finding your Build/Install Name


        mceclip46.png

  5. Click on the Configure button
    Configure Web - click on the Configure button.png

    A prompt will appear in the upper right corner, showing it was successful.

    mceclip48.png

 

Create User Groups

Create a user group that has access to this new application and assign users that are allowed BOLD Email Integration.

  1. Ensure you are on the Groups Section.
    1. Click on Azure Active Directory
    2. Click on the Groups section

      mceclip21.png

    3. Click on the New group button

      mceclip49.png

    4. Enter information for the following fields:
      1. Group Type: Select the Security option
      2. Group name: BOLD_Email_Integration
        1. Note: We recommend not to include any spaces and use underscores instead.
      3. Group description: Enter a brief description of the Group
      4. Azure AD roles can be assigned to the group: Toggle the switch to No
      5. Membership type: Select the Assigned option
      6. Owners: No changes are needed

        mceclip25.png

      7. Members: Click on the No members selected link
        1. Select all the members/users

          mceclip26.png

    5. Click on the Create button

      mceclip27.png

 

 

Add a new Group to the Application

Select Enterprise Apps and BOLD Email Integration to add this group to the new Application

 

  1. Click on Enterprise applications
  2. Click on All applications

    mceclip0.png

  3. Click on the link for your Application, in the Name field.
    Verify that the Name is BOLD Email Integration (or the name used when initially creating).  This is the name that was created for registering the App.
    Section on registering the App

    mceclip1.png

  4. Click on the Assign users and groups link

    mceclip50.png

  5. Click on Add user/group
    Note: : This list may initially be blank

    mceclip3.png

  6. Click on the None Selected link

    mceclip4.png

  7. Click on the User Group that was created in a previous step.
    Note: Depending on the Azure Active Directory Plan, User Groups may not be available to select.
    This is the name that was created for the user group.
    Section on creating a user group

    mceclip5.png

    1. If the Azure Active Directory Plan is a Free Tier, then the ability to select User Groups is not allowed.  
      1. Instead, please select all the Users

        mceclip0.png

  8. Click on the Select button

    mceclip6.png

  9. Click on the Assign button

    mceclip30.png

 

References

Outlook Service Limits

From the Microsoft article, Microsoft Graph service-specific throttling limits:

"Outlook service limits are evaluated for each App ID and mailbox combination. In other words, the limits described apply to a specific App accessing a specific mailbox (user or group). If an application exceeds the limit in one mailbox, it does not affect the ability to access another mailbox. The following limits apply to the public cloud as well as national cloud deployments."

Limit Applies To
10,000 API requests in a 10-minute period v1.0 and beta endpoints
4 concurrent requests v1.0 and beta endpoints
15 megabytes (MB) upload (PATCH, POST, PUT) in a 30-second period v1.0 and beta endpoints

 

 

3rd party link Disclaimer: These links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by [The author] of any of the products, services or opinions of the corporation or organization or individual. [The author] bears no responsibility for the accuracy, legality or content of the external site or for that of subsequent links. Contact the external site for answers to questions regarding its content.

 

Click on the links below for more information:

 

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.