This article details how to configure OAuth authentication for logging in to the USS Compliant Email Archive using Azure AD.


Azure Configuration


1. Log in to your Azure AD tenant as an administrator.


2. Navigate to the App Registrations section and choose New Registration. Fill out the fields as follows:



It should look like the below:



Save.


3. Next, navigate to the Certificates and Secrets section. Click on New Client Secret. Give it any name and choose an expiry duration.


Make a note of the contents of the Value field; this is used later in the Compliant Email Archive OAuth configuration section.
</gml_replace>
<gr_replace lines="27" cat="clarify" orig="Please ensure you keep">
Please ensure you keep this value backed up somewhere safe, such as a password manager or secrets vault. Once you navigate away from this section, you will not be able to view the full contents of the Value field again; if it is lost, you will have to create a new client secret.


Please ensure you keep a note this backed up somewhere. Once you navigate away from this section, you will not be able to view the full contents of the Value field again



4. Navigate to the API Permissions section. Click on Add A Permission. Choose Microsoft Graph in the panel that appears, then choose Application Permissions on the next screen.


In the list of permissions that then appears, search for user.read.all and select it. Once you have done this, click on Add Permissions to confirm.



5. Now click Grant Admin Consent For <youruser>. Your API permissions should now look like this:



That concludes the Azure part of the configuration. However, keep it open, as there is information you will need from it to complete the Compliant Email Archive setup.


Compliant Email Archive Configuration


1. Log in to your Compliant Email Archive as an administrator and navigate to Adv. Configuration -> SSO OAuth.




2. Choose Create New Connection. Some of these fields require information from your Azure AD. The following details where you can find this information.


Client ID - you can find this on the Overview page of your newly created App Registration within Azure, in the field titled Application (client) ID:



Client Secret - this is the Value you made a note of earlier, as described in step 3 of the Azure Configuration section.



Authorisation URL / Access Token URL / User Detail URL - navigate to the Overview page of your newly created App Registration and click the Endpoints button at the top of the page:



From the panel that appears, copy the following:


Authorisation URL - the URL under OAuth 2.0 authorisation endpoint (v2)

Access Token URL - the URL under OAuth 2.0 token endpoint (v2)

User Detail URL - the URL under Microsoft Graph API endpoint


For apps registered as 'developer apps', you can leave the URL endpoint fields blank.


Connection Name - give this any name you want.


Once you have filled out all these details, click Save Connection. Users should now be able to log in to Compliant Email Archive via OAuth.
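To make clear what the archive does with the three URLs above, here is an added walkthrough of the OAuth 2.0 authorisation-code flow against the Azure AD v2 endpoints. It is example code written for this article, not USS or Microsoft code, and it only builds and validates the requests; it does not contact Azure. The tenant ID, client ID, redirect URI and the delegated scope requested are assumed placeholders, and the callback URL fed to parse_callback is constructed.

```python
"""Authorisation-code flow against the Azure AD v2 endpoints the archive connection uses.
Added example for this article; all identifiers below are constructed placeholders."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: take the real values from the App Registration Overview page.
TENANT_ID = "00000000-0000-0000-0000-000000000000"          # Directory (tenant) ID (placeholder)
CLIENT_ID = "11111111-1111-1111-1111-111111111111"          # Application (client) ID (placeholder)
REDIRECT_URI = "https://archive.example.com/oauth/callback"  # assumed redirect URI registered in Azure

# The three URLs the article says to copy from the Endpoints panel, in their v2 form.
AUTHORISATION_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
ACCESS_TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
USER_DETAIL_URL = "https://graph.microsoft.com/v1.0/me"


def build_authorisation_request(state: str, code_verifier: str) -> str:
    """Step 1: the URL the user's browser is redirected to. Carries no secret, only the
    client ID, a CSRF state value and a PKCE challenge derived from the verifier."""
    digest = hashlib.sha256(code_verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile User.Read",   # assumed delegated scope for the sign-in
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORISATION_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back from Azure and return the one-time authorisation code.
    Rejects callbacks on the wrong URI, error responses, and state mismatches."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive at the registered redirect URI")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"authorisation failed: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "code" not in query:
        raise ValueError("callback carried no authorisation code")
    return query["code"][0]


def build_token_request(code: str, client_secret: str, code_verifier: str) -> tuple[str, dict]:
    """Step 2: form body POSTed server-to-server to the Access Token URL. This is the only
    place the client secret (the Value noted in Azure step 3) is ever sent."""
    body = {
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
    }
    return ACCESS_TOKEN_URL, body


def build_user_detail_request(access_token: str) -> tuple[str, dict]:
    """Step 3: the archive resolves the signed-in user via the User Detail URL."""
    return USER_DETAIL_URL, {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(32)
    print("Send the browser to:", build_authorisation_request(state, verifier))
    # Constructed callback, as the browser would return it after a successful sign-in.
    code = parse_callback(f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}", state)
    url, body = build_token_request(code, "client-secret-placeholder", verifier)
    print("POST", url, "with", sorted(body))
```

The split between the three functions mirrors the three fields in the connection form: the Authorisation URL is browser-facing and must never carry the client secret, the Access Token URL is where the secret is exchanged for a token, and the User Detail URL is where that token is presented. The state check in parse_callback is the piece most often omitted in hand-rolled integrations.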