To configure Azure AD authentication for Outlook on the web or OWA, you will need the following credentials:
- Tenant Name (Initial Domain)
- Application ID
- Azure AD Key (Secret Token)
These can be generated via Azure Active Directory portal App registrations. Note that Global Admin privilege is required for this.
1. On the Azure Active Directory admin center App registrations. Click on New registration.
2. Fill up the form with the needed information. Make sure to set Redirect URI to https://app.xink.io. Then click on Register
3. Once the App registration is done, open it and copy the Application ID.
4. After copying the details, on the page of the registered app go to the left side and click on Certificates & secrets. Click on New client secret and create the secret token accordingly.
Note: If you already have an existing token due to AAD integration, you will have to generate a new one as the existing secret token will never be visible.
5. Copy the generated secret token and add it to the Application ID and Tenant Name. You may keep the credentials in a safe repository as the code will be hidden after you close the window.
6. After the credentials are copied, go to API permissions to set and request the required permissions.
7. Click on Add permission, Click APIs my Organization uses(tab) and select Office 365 Exchange Online.
8. Search and select 'full_access_as_app' under Application permissions.
Click on Add permissions at the bottom part to complete adding.
9. Initially the permission status shows as not granted. Click Grant admin consent above to grant the API permission. Click on Yes to confirm if you get a prompt.
10. Once the permission is already granted, you can proceed to configure the OWA integration. Just go to OWA integration via Preferences > Integration >Microsoft 365 (Outlook on the web).
Enter the saved credentials from Azure AD as follow (screenshot below)
- Tenant Name
- Application ID
- Azure AD Key -> then click on Check connectivity.
See result: "Successfully discovered service...", then your setup is done.
After 1-2 hours, Xink signature will be injected into the user's Outlook on the web.