Office 365 Mail server in NorthGRC
Configuration
To set up an Office 365 mail server in NorthGRC that authenticates through Entra ID, log into NorthGRC with a user that has the security role “UserManager”.
Navigate to Settings > Integrations > Email Integration > select “Add Mail server” and click on Office365.
The “Name” field is for information purposes only and will be shown in the list of Mail servers.
The endpoint, application ID and key fields must contain values from Entra ID. Follow the instructions in the next section to obtain them.
The “Send email from email address” is the sender address NorthGRC will use for outgoing mail. It must be a mailbox in your tenant that the application registered below is permitted to send from.
Adding NorthGRC configuration in Entra
You need to register the NorthGRC mail server as an application in Entra ID. Log into the Microsoft Azure Portal with a user that is allowed to create and manage Entra ID applications.
Navigate to Entra ID > App registrations > Endpoints and locate the “OAuth 2.0 authorization endpoint (v2)”.
Use the Copy icon to copy the link to the clipboard and paste it into the neupartOne field “Azure OAuth 2.0 Authorization endpoint”. Make sure you copy the v2 endpoint (its path contains /oauth2/v2.0/) and not the v1 endpoint listed on the same page.
We now need to register a new application.
Navigate to Entra ID > App registrations > New registration.
On the registration page, enter a name such as “NorthGRC Mail server”.
Under Supported account types, select “Accounts in this organizational directory only” so that only users in this single Entra ID tenant can use the application.
Now press Register to finish the application registration.
When registered, the Application ID is located in the Essentials section of the page, and a Copy to clipboard option is available when you move the pointer over the Application ID.
Paste the application ID into the neupartOne “Application ID” field.
Now we need to allow both delegated and application access, so that user authentication (a person signing in) and service authentication (the synchronization job) both work.
In the left side Manage menu, locate and select the Authentication menu item.
Add a platform, choose Web, and enter a Redirect URI like the one below, replacing testserver with your own server name. Entra ID only accepts an exact match, so the scheme, host and path must be identical to what NorthGRC sends.
https://testserver.northgrc.app/azure/auth
On the Authentication page, scroll down to the Implicit grant and hybrid flows section.
Tick both “Access tokens” and “ID tokens” and press Save at the top of the page.
Next, we need to create a shared secret that lets NorthGRC authenticate to Entra ID. In the left side Manage menu, locate and select the Certificates & secrets menu item.
In the “Client secrets” section, press the “+ New client secret” button.
In the “Description” field enter “App Key Value”. Under “Expires”, choose 24 months, or set a custom expiry that fits your rotation policy. Then press the Add button.
The new secret is shown once. Copy the Value column (not the Secret ID) with the Copy to clipboard function and paste it into the neupartOne “Application Key Value” field.
The secret value cannot be displayed again, so make sure to copy it; otherwise you have to delete it and create a new secret. Note the expiry date so the secret can be replaced before mail sending stops. Treat the value as you would an administrator password: it grants the application permissions below to anyone who holds it.
Entra ID API permissions
We now need to add API permissions for NorthGRC.
You must add two application permissions using “+ Add a permission”. Application permissions are not tied to a signed-in user and apply across the whole tenant.
Application permissions require an administrator's consent: press the “Grant admin consent for Standard-directory” button (the button shows your own tenant name) to approve them. Until consent is granted, tokens issued to the application carry no roles and mail sending will fail.
The mail server is now set up for NorthGRC.
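Before declaring the setup done, it helps to check the values you copied. The following Python script is an added example and is not part of NorthGRC or of the original page. It checks offline that the pasted endpoint is the v2 authorization endpoint and derives the matching token endpoint from it, that a redirect URI matches the registered one exactly, and that a client-credentials token carries the tenant, application ID and roles claims one expects after admin consent. The tenant ID, application ID and token payloads are constructed sample values, the role name in the sample token is illustrative (the page does not name the two permissions), and the token decoder does not verify signatures; it is for inspecting what Entra issued, not for trusting it.

```python
"""Offline checks for the Entra ID app registration described above.

Added example, not NorthGRC code. Tenant ID, application ID and tokens below
are constructed sample data. JWT payloads are decoded WITHOUT signature
verification: this is for inspecting what Entra issued, not for trusting it.
"""
import base64
import json
from urllib.parse import urlparse

LOGIN_HOST = "login.microsoftonline.com"
# Microsoft Graph may appear as a URL or as its well-known application ID.
GRAPH_AUDIENCES = ("https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000")

# Constructed sample identifiers (not a real tenant or application).
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
APP_ID = "11111111-2222-3333-4444-555555555555"
REDIRECT_URI = "https://testserver.northgrc.app/azure/auth"


def parse_v2_authorization_endpoint(url):
    """Validate a pasted 'OAuth 2.0 authorization endpoint (v2)' and derive
    the token endpoint from it. Raises ValueError for the v1 endpoint or any
    other URL, which is the usual copy-paste mistake on the Endpoints page."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc.lower() != LOGIN_HOST:
        raise ValueError(f"unexpected host in {url!r}")
    segments = [s for s in parts.path.split("/") if s]
    # v2: /<tenant>/oauth2/v2.0/authorize   v1: /<tenant>/oauth2/authorize
    if len(segments) != 4 or segments[1:] != ["oauth2", "v2.0", "authorize"]:
        raise ValueError(f"not a v2 authorization endpoint: {parts.path!r}")
    tenant = segments[0]
    return {
        "tenant": tenant,
        "authorize": f"https://{LOGIN_HOST}/{tenant}/oauth2/v2.0/authorize",
        "token": f"https://{LOGIN_HOST}/{tenant}/oauth2/v2.0/token",
    }


def redirect_uri_ok(registered, presented):
    """Entra compares redirect URIs as exact strings, rejects fragments and
    requires https except for http://localhost."""
    p = urlparse(presented)
    if p.fragment:
        return False
    if p.scheme != "https" and not (p.scheme == "http" and p.hostname == "localhost"):
        return False
    return registered == presented


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims_unverified(token):
    """Return the payload claims of a JWT. No signature check: Graph does that
    when the token is presented; here we only inspect what was issued."""
    _header, payload, _signature = token.split(".")
    return json.loads(_unb64url(payload))


def check_app_token(claims, app_id, tenant_id):
    """List the problems in a client-credentials token, [] if it looks like a
    token Graph accepts for application permissions."""
    problems = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        problems.append(f"audience is not Microsoft Graph: {claims.get('aud')!r}")
    if claims.get("tid") != tenant_id:
        problems.append("token was issued by a different tenant")
    # v1 tokens name the client in 'appid', v2 tokens in 'azp'.
    if claims.get("appid", claims.get("azp")) != app_id:
        problems.append("token was issued to a different application")
    # Application permissions granted by admin consent show up as 'roles'.
    if not claims.get("roles"):
        problems.append("no 'roles' claim: admin consent not granted")
    return problems


def make_sample_token(payload):
    """Build a token-shaped string from constructed claims for the checks
    above; the signature segment is a placeholder."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}.placeholder"


# Constructed tokens: one as expected after admin consent, one without it.
# "Mail.Send" is an illustrative role name, not the page's permission list.
GOOD_TOKEN = make_sample_token({"aud": GRAPH_AUDIENCES[0], "tid": TENANT_ID,
                                "appid": APP_ID, "roles": ["Mail.Send"]})
NO_CONSENT_TOKEN = make_sample_token({"aud": GRAPH_AUDIENCES[0],
                                      "tid": TENANT_ID, "appid": APP_ID})

if __name__ == "__main__":
    ep = parse_v2_authorization_endpoint(
        f"https://{LOGIN_HOST}/{TENANT_ID}/oauth2/v2.0/authorize")
    print("token endpoint:", ep["token"])
    print("redirect match with trailing slash:",
          redirect_uri_ok(REDIRECT_URI, REDIRECT_URI + "/"))
    print("problems without consent:",
          check_app_token(jwt_claims_unverified(NO_CONSENT_TOKEN), APP_ID, TENANT_ID))
```

To use this against a real registration, paste the endpoint you copied into parse_v2_authorization_endpoint, request a token from the derived token endpoint with the application ID and secret, and feed the result to check_app_token. An empty roles claim after consent usually means the consent was granted in a different tenant than the one in the endpoint URL.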