How to register NoSpamProxy in Microsoft Azure
To set up automatic user import via Azure Active Directory in NoSpamProxy, NoSpamProxy must be registered as an app in the Azure portal.
Registering NoSpamProxy
- Go to portal.nospamproxy.com.
- Go to Azure Active Directory > App Registrations.
- Click New registration.
- Enter a name for the app, for example NoSpamProxy.
- For the account type, select Accounts in any organizational directory (any Azure AD directory - Multitenant).
- Select Web as the type for the redirect URIs and enter the following URIs:
NoSpamProxy Server version 15.2 or lower:
https://www.nospamproxy.de/de/admin-consent-redirect/
https://www.nospamproxy.de/en/admin-consent-redirect/
NoSpamProxy Server version 15.4 or higher:
https://NoSpamProxy_Web_App_Addresse:6061/odata/v4/AutomaticUserImports/ContinueAzureAdminConsent
https://NoSpamProxy_Web_App_Addresse:6061/odata/v4/AutomaticUserImports/ConcludeAzureAdminConsent
NOTE: Replace NoSpamProxy_Web_App_Addresse:6061 with the corresponding value from your NoSpamProxy Web App configuration. You can also query the necessary information in PowerShell with Get-NspWebApiConfiguration.
NOTE: It is not necessary to make these URIs publicly available.
- Click Register.
The app registration is now complete. The following overview page displays details of your app registration.
NOTE: You need the application ID (client ID) to establish the connection to the Azure Active Directory in NoSpamProxy.
Adding API permissions
In order to use the automatic user import, you must authorize NoSpamProxy to call certain APIs.
- Open the overview page of the app.
- Go to API permissions.
- Click Add a permission.
- Click Microsoft Graph.
- Click Application permissions.
- From the menu, select Group.Read.All, User.Read.All and User.Read.
- Click Grant admin consent for "YourCompany".
Importing the certificate into NoSpamProxy
- Import the TLS certificate and the private key into the Windows certificate store of the Intranet Role.
- In the certificate store, right-click the imported TLS certificate and select All Tasks > Manage Private Key.
- Add the service accounts of the Intranet Role and the Web App via Add > Object name "nt service\NoSpamProxyIntranetRole" and "nt service\NoSpamProxyWebApp" and give them read permission for the key.
Importing the certificate into the Azure AD
NoSpamProxy identifies itself to the authentication service when receiving tokens at a web addressable location (using an HTTPS scheme). You can upload the certificate required for authentication here.
- Open the overview page of the app.
- Go to Certificates and secrets.
- Click Upload certificate.
- Select the certificate you want to use. You can use the self-signed certificate that was created when NoSpamProxy was installed or another certificate that is suitable for client authentication.
- Click Add. After uploading the certificate, the fingerprint, start date and expiry date are displayed.
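The following PowerShell script is an added example, not part of the NoSpamProxy documentation or product. It checks on the Intranet Role server that the certificate has a private key, is within its validity period, is suitable for client authentication, and that the two service accounts named above can read the key. It assumes the certificate is in the LocalMachine\My store and uses an RSA key; the thumbprint is a placeholder.

```powershell
# Added example (not NoSpamProxy code). Read-only checks; nothing is modified.
# Assumptions: certificate is in LocalMachine\My and uses an RSA key.
$Thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'   # placeholder
$Accounts   = 'NT SERVICE\NoSpamProxyIntranetRole', 'NT SERVICE\NoSpamProxyWebApp'
$ClientAuth = '1.3.6.1.5.5.7.3.2'                  # Client Authentication EKU OID

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this certificate.' }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    Write-Warning 'Certificate is outside its validity period.'
}

# No EKU extension means the certificate is not restricted to specific purposes.
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($ekuExt) {
    $oids = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }
    if ($oids -notcontains $ClientAuth) { Write-Warning 'EKU does not list Client Authentication.' }
}

# Find the key file: CNG keys and legacy CSP keys live in different machine folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -isnot [System.Security.Cryptography.RSACng]) {
    throw 'Key handle is not CNG-based; review permissions via Manage Private Key instead.'
}
$keyDirs = "$env:ProgramData\Microsoft\Crypto\Keys", "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
$keyFile = Get-ChildItem -Path $keyDirs -Filter $rsa.Key.UniqueName -File -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $keyFile) { throw 'Private key file not found (key may be held in hardware).' }

# Report whether each service account has an Allow rule that includes Read on the key file.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -Path $keyFile.FullName
foreach ($account in $Accounts) {
    $allowed = $acl.Access | Where-Object {
        $_.IdentityReference.Value -ieq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read }
    [pscustomobject]@{ Account = $account; CanReadKey = [bool]$allowed }
}

# Compare these values with what the Azure portal displays after the upload.
'Thumbprint: {0}  NotBefore: {1}  NotAfter: {2}' -f $cert.Thumbprint, $cert.NotBefore, $cert.NotAfter
```

Run it in an elevated PowerShell session, since reading the machine key folders and their ACLs requires administrative rights.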