Skip to main content
All CollectionsAdd-Ons
Azure Mail Integration SimpleSign
Azure Mail Integration SimpleSign

Send secure and authenticated emails directly from your Azure account using SimpleSign.

Karl McCauley avatar
Written by Karl McCauley
Updated over a year ago

Step 1: Register Your Application in Azure Active Directory

  1. Sign in to the Azure Portal:

  2. Register a New Application:

    • Navigate to Azure Active Directory > App registrations > New registration.

    • Name your application (e.g., "SimpleSign OAuth Email").

    • Redirect URI (optional, not needed in this case)

    • Click Register.

  3. API Permissions:

    • Ensure that your app registration in Azure has the appropriate Application Permissions (not Delegated Permissions) for Mail.Send or Mail.Send.Shared.

    • Grant admin consent for those permissions in Azure.

    • Click Grant admin consent.

  4. Generate Client Secret:

    • Go to Certificates & secrets and create a new client secret.

    • Copy and save the secret because it will only be shown once.

  5. Record the Following Values:

    • Client ID (from the overview page).

    • Tenant ID (from the overview page).

    • Client Secret (from the step above).

Step 2: Configure a Service Mailbox in Microsoft 365

To configure a service mailbox in your organization’s Azure AD tenant, you need to create a mailbox that is managed by your organization and is typically used by applications or services to send emails (e.g., for notifications or automated messages). Below are the steps to set up a service mailbox using Microsoft 365 (formerly Office 365) and configure the necessary permissions in Azure AD.

1. Create a Service Mailbox (User Mailbox) in Microsoft 365

Sign in to the Microsoft 365 Admin Center:

    • Go to the Microsoft 365 Admin Center: admin.microsoft.com.

    • Use your admin credentials to sign in.

Create a New User:

    • In the left-hand menu, select Users > Active Users.

    • Click Add a user.

    • Provide the details for the user (this will act as the service mailbox). For example:

    • Assign a Microsoft 365 license that includes access to Exchange Online (e.g., an Exchange Online Plan 1 or 2 license, or Microsoft 365 Business Basic).

Complete the Setup:

    • Finish the setup and assign a temporary password for the new user.

    • After the user is created, you can change the password and ensure it’s a secure password.

2. Grant API Permissions to Send Emails Using Azure AD

Once the service mailbox is created, you need to grant your Azure AD application the appropriate permissions to send emails on behalf of the service mailbox.

Sign in to the Azure AD Portal:

  • Go to the Azure Portal and sign in with your admin credentials.

Navigate to Your App Registration:

    • In the left-hand menu, go to Azure Active Directory.

    • Under Manage, select App registrations.

    • Find and select the application you want to configure for sending emails.

Add Microsoft Graph API Permissions:

    • Under Manage, select API permissions.

    • Click Add permission.

    • Select Microsoft Graph.

    • Choose Application permissions (since this is an app using client credentials, not a delegated user).

Select Mail Permissions:

    • Scroll down to find the Mail permissions.

    • Choose the following:

      • Mail.Send: Allows the application to send mail as any user (or the service mailbox).

      • Mail.Send.Shared: (Optional) Allows the application to send mail from a shared mailbox if needed.

Grant Admin Consent:

    • After adding the permissions, click Grant admin consent to ensure that the permissions are granted organization-wide for the app.

Verify Permissions:

    • Ensure that both Mail.Send and Mail.Send.Shared (if applicable) are listed under Application permissions.

Step 3: SimpleSign Add-on Activation

    • Navigate to SimpleSign Add-on section.

    • Search for Azure Mail Integration

Under settings fill the details you get from the above steps

Did this answer your question?