Note: This page describes the integration with the external service MS365 Azure Portal.
To use Directory Synchronisation in seppmail.cloud, an app must be set up in Azure.
Proceed as follows:
- Log in to the Azure Portal as an M365 administrator with privileges to create applications for the tenant and domain(s) in question.
- Go to Entra ID > App Registrations > New registration.
- Give the new application a name (for example "seppmail.cloud directory synchronisation").
- Select account type Only accounts from this organisation, leave redirect URL empty and click on Register.
- The app registration is created and the details are shown. Copy the application (client) ID to a temporary place.
- Click on Add certificate or secret, then under Secret Client Keys click on New secret client key.
- For the name of the key, use something like "seppmail.cloud yyyy-mm-dd", select the validation period, and click on Add.
- Immediately after the client secret is created, you have to copy the secret value to a temporary place. It will not be shown to you again.
- Note that if you provide the correct validation period in the seppmail.cloud configuration later, we will send you a reminder about renewing this client secret.
- In the left-hand menu, select API privileges and click on Add privileges.
- Select Microsoft Graph as the category and Application permissions for privileges to add.
- Add the following access rights:
  - Domain.Read.All
  - Group.Read.All
  - GroupMember.Read.All
  - User.Read.All
- You must confirm Admin consent for the API privileges. Example for a resulting list of privileges:
After you have created the privileges, check that the groups you want to synchronise exist and have group members assigned. At least one group with at least one member has to exist for synchronisation.
At this point, open the seppmail.cloud portal and continue with the configuration as described in Directory Synchronisation.