Procedure for clients to implement Azure SSO in a Spotler MailPro license

The procedure to implement Azure SSO (through the OpenID method) in a Spotler MailPro license consists of three steps.

  1. Create an application and role-specific groups in Active Directory, and assign users to the role-specific groups (Azure admin)
  2. Enter the details of the application and the groups in the Spotler MailPro application (Spotler MailPro support)
  3. Allow the application to use certain rights (Azure admin)

Create an application

In Azure Active Directory, open the "App registrations" page and click "+ New registration".

On the "Register an application" page, fill in the form:

  • Name: a descriptive name for the application, e.g. "Spotler MailPro (license identifier)", where license identifier is the first part of the URL to the Spotler MailPro license
  • Supported account types: the default ("Accounts in this organizational directory only") should be fine in almost all cases
  • Redirect URL: Create a redirect URL for a web platform in the format: https://[license].webpower.eu/admin/azure/

Then click on "Register". You are redirected to the application page for your new Azure application.

Copy the Application (client) ID and Directory (tenant) ID from the "Essentials" section to a file/email with data for Tripolis Webpower support.

In the menu, click on "Authentication".

Under "Front-channel logout URL", enter the logout URI in the format https://[license].webpower.eu/admin/azure/logout/

Under "Implicit grant and hybrid flows", select the checkbox for "ID tokens (used for implicit and hybrid flows)".

After that, click "Save".

In the menu, click on "Certificates and secrets", navigate to the "Client secrets" tab and click on "+ New Client secret".

Give a description, select a period after which the client secret expires, and click on "Add".

Copy the value of the client secret and the expiry date to the file/email with data for Spotler MailPro support. You cannot retrieve the value in the future.

(Note: once the client secret expires, the requests to the Microsoft platform from the Spotler MailPro license will fail, and users cannot log into the Spotler MailPro license anymore.)
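
The expiry note above can be turned into a scheduled check. The following is an added example, not part of the original article or of Spotler's tooling: it assumes the application's secret list was exported with `az ad app credential list --id <client-id>`, and the sample JSON, secret names and 30-day warning threshold are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az ad app credential list --id <client-id>`
# output; names, key IDs and dates are made up for this example.
SAMPLE = """[
 {"displayName": "mailpro-sso-2023", "keyId": "00000000-0000-0000-0000-000000000001",
  "endDateTime": "2024-01-15T00:00:00Z"},
 {"displayName": "mailpro-sso-2024", "keyId": "00000000-0000-0000-0000-000000000002",
  "endDateTime": "2024-07-01T09:30:00.1234567Z"},
 {"displayName": "mailpro-sso-2025", "keyId": "00000000-0000-0000-0000-000000000003",
  "endDateTime": "2025-06-30T00:00:00+00:00"}
]"""

def parse_utc(stamp):
    # Assumption: timestamps are UTC. Fractional seconds and the zone suffix
    # are dropped because older datetime.fromisoformat() rejects them.
    return datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(credentials_json, now, warn_days=30):
    """Return (name, key_id, days_left, state) per secret, most urgent first."""
    rows = []
    for cred in json.loads(credentials_json):
        name, key_id = cred.get("displayName"), cred.get("keyId")
        end = cred.get("endDateTime")
        if not end:  # cannot judge a secret without an expiry: surface it
            rows.append((name, key_id, None, "UNKNOWN"))
            continue
        remaining = parse_utc(end) - now
        if remaining.total_seconds() <= 0:
            state = "EXPIRED"
        elif remaining.days < warn_days:
            state = "EXPIRING"
        else:
            state = "OK"
        rows.append((name, key_id, remaining.days, state))
    # Unknown entries first, then ascending days left.
    return sorted(rows, key=lambda r: (r[2] is not None, r[2] or 0))

def needs_rotation(rows):
    # Any secret that is not OK may be the one stored in the MailPro license.
    return [r for r in rows if r[3] != "OK"]

if __name__ == "__main__":
    for row in secret_status(SAMPLE, datetime.now(timezone.utc)):
        print(row)
```

Azure does not show which secret value was handed to support, so match the flagged description and expiry date against the data you sent before creating a replacement secret.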

Create security groups that are mapped to a Spotler MailPro role

In Azure Active Directory, open the "Groups" page and click "+ New group".

Select "security group" as the type, give it a descriptive name and click on "Create".

Copy the group name and the Object ID to the file/email with data for Spotler MailPro support.

Allow the application to use certain rights (Admin consent)

After the configuration is finished, an Azure admin must visit the following URL to consent to the rights that the application asks for:

https://[license].webpower.eu/admin/azure-signin/?admin