How to register NoSpamProxy in Microsoft Azure

To set up automatic user import via Azure Active Directory in NoSpamProxy, NoSpamProxy must be registered as an app in the Azure portal.

Registering NoSpamProxy

  1. Go to portal.nospamproxy.com.
  2. Go to Azure Active Directory > App Registrations.
  3. Click New registration.
  4. Enter a name for the app, for example NoSpamProxy.
  5. For the account type, select Accounts in any organizational directory (any Azure AD directory - Multitenant).
  6. Select Web as the type for the redirection URIs and enter the following URIs:
    https://www.nospamproxy.de/de/admin-consent-redirect/
    https://www.nospamproxy.de/en/admin-consent-redirect/
  7. Click Register.

The app registration is now complete. The following overview page displays details of your app registration.

NOTE: You need the Application ID (Client ID) and the Directory ID (Tenant ID) to connect to the Azure Active Directory in NoSpamProxy.

Adding API permissions

In order to use the automatic user import, you must authorize NoSpamProxy to call certain APIs.

  1. Open the overview page of the app.
  2. Go to API permissions.
  3. Click Add a permission.
  4. Click Microsoft Graph.
  5. Click Application permissions.
  6. From the menu, select Group.Read.All, User.Read.All and User.Read.
  7. Click Grant admin consent for "YourCompany".

Uploading the certificate

NoSpamProxy identifies itself to the authentication service when receiving tokens at a web addressable location (using an HTTPS scheme). You can upload the certificate required for authentication here.

  1. Open the overview page of the app.
  2. Go to Certificates and secrets.
  3. Click Upload certificate.
  4. Select the certificate you want to use. You can use the self-signed certificate that was created when NoSpamProxy was installed or another certificate that is suitable for client authentication.
  5. Click Add. After uploading the certificate, the fingerprint, start date and expiry date are displayed.

NOTE: The certificate that you upload in the Azure Active Directory must be imported in NoSpamProxy under Identities > Certificates. The certificate must not additionally be present in the Windows certificate store. See Importing certificates.