Skip to main content

Email Signature – Entra ID Integration

This guide explains how to configure the email signature integration on TAC using Microsoft Entra ID. The goal is to allow TAC to automatically apply HTML signatures to users in a centralised way.

⚠️ We recommend using New Outlook instead of the Legacy version.

1. Prerequisites

To complete the setup you will need:

  • Admin permissions on TAC: app.touchandcontact.com

  • Admin permissions on Microsoft Entra ID

  • Access to the Entra portal: https://entra.microsoft.com/

2. Accessing the integration on TAC

  1. Go to https://app.touchandcontact.com

  2. Log in with your TAC admin account

  3. From the left-hand menu, go to the Integrations section

  4. Click "Connect to Entra" — you will be prompted for the following:

    • Tenant ID

    • Application ID

    • Client Secret

2.1 Creating the application in Microsoft Entra ID

  1. Go to the App Registration page

  2. Enter a name for the application (e.g. "TAC Email Signature")

  3. After creation, Entra will display in the Essentials section:

    • Application (Client) ID

    • Directory (Tenant) ID

Save both — you will need them on TAC.

2.2 Creating the Client Secret

  1. In the left-hand menu, go to "Certificates & secrets"

  2. Click "New client secret"

  3. Add a description (e.g. "TAC Integration Secret") and a validity duration

  4. Copy the secret value immediately

⚠️ The value will only be visible at the time of creation. (Note: Secret ID ≠ Client ID)

3. Configuring the integration on TAC

In TAC, enter:

  • Tenant ID

  • Application ID

  • Client Secret (value)

Once saved, you can proceed to configure the permissions.

4. Configuring API Permissions

4.1 Opening API Permissions

  1. Go to your application → "API Permissions"

  2. Click "Add a permission"

  3. Select "Microsoft Graph"

  4. Choose "Delegated permissions"

4.2 Required permissions for Email Signature

  • Domain.Read.All (required) Allows reading the tenant's domains — required to apply signatures only to users of the correct domain.

⚠️ Make sure Domain.Read.All has already been granted (Grant admin consent).

5. Connecting with Outlook

To finalise the setup, the administrator must:

  1. Go to https://admin.cloud.microsoft/

  2. Search for "Integrated Apps" in the top search bar

  3. Select "Add custom app""Office Add-in"

  4. Choose "Provide link to manifest file" and enter: https://outlook.touchandcontact.com/manifest.xml

  5. Click "Validate""Next"

  6. Under "Users", select "Entire organization"

  7. Accept the permissions → "Deploy"

🕒 The application may take up to 72 hours to become active across the organisation.

6. Permissions Summary

Functionality

Required Permission

Purpose

Email Signature

Domain.Read.All

Read domains and verify the user belongs to the authorised domain

7. After configuration

Once all steps are completed:

  • TAC will automatically apply centralised HTML signatures to users in the domain

  • Signatures will be synced based on the settings defined in the TAC panel

  • The admin can manage signatures directly from the "Email Signatures" section on TAC, with no further steps needed in Entra

8. Support

If something is not working, check:

  • ⚠️ You are using New Outlook instead of the Legacy version

  • The Client Secret is still valid

  • The Domain.Read.All permission has been granted

  • Tenant ID, Client ID and Secret are correct

For any questions, contact us at 📩 support@touchandcontact.com

Related Articles
Email Signature – Google Workspace Integration
Integration Guide: Microsoft Entra ID (Azure AD) with TAC
Mail & Calendar Integration Guide – Microsoft Entra ID (Azure AD) ↔ TAC
TAC ↔ Microsoft Dynamics 365 Integration
Entra ID: Configuring OpenID Connect (OIDC)-based Single Sign-On (SSO) for TAC
Did this answer your question?