Register a Microsoft 365 Authorization Provider in Token Vault

To register a Microsoft 365 authorization provider in Token Vault, you need to access Token Vault with Token Vault administrator credentials.

This topic describes the second configuration task in the process of setting up an Exchange Online connector, a SharePoint Online connector, or the Notification service with a Microsoft 365 SMTP server to use modern authentication.

Perform this task in Token Vault after you have successfully registered a Microsoft 365 application for Token Vault through the Microsoft Identity Platform (Azure Active Directory) admin center.

To register a Microsoft 365 Authorization Provider in Token Vault, perform the following steps:

  1. Launch Token Vault. Enter the Token Vault URL into the address bar of your browser according to your Token Vault configuration in the following format:

    https://<FQDN>:<port>/

    where:

    • FQDN is the fully qualified domain name of the Token Vault machine.
    • port is the value of the HTTPS Port setting configured on the Token Vault Server Settings page when HTTPS is used.

    For example: https://tokenvaultmachine.testdomain.com:8381.

  2. Log in with your Token Vault administrator credentials in either of the following ways, depending on how your Token Vault Authentication settings are configured:
    • Enter your Windows User name in domain\username format, then your Password and click Log in.
    • Log in with your Azure Active Directory user account by clicking Sign in with Microsoft.
    The first account to log into Token Vault automatically receives administrator rights.
  3. Click Manage Authorization Providers on the left.

    The list of already registered providers is displayed.

  4. Click Register new at the bottom.
  5. Select the Microsoft 365 authorization provider from the list.

    The new Authorization Provider configuration page opens.

    • Token Vault generates this new authorization provider with the default name New Microsoft 365 authorization provider.

      Change the default name according to your needs.

      Authorization Provider names must be unique in Token Vault.

    • Provider ID is a unique and automatically generated ID.

      This ID must always be sent by the client application (such as an eCopy ShareScan connector or an email inbox watcher) requesting authentication tokens from Token Vault.

    • The Redirect URI is generated automatically from the currently open Token Vault site URI.

      This URI must be configured for the Microsoft 365 application registered for Token Vault.

  6. Copy the generated Provider ID for later use. It is required for the configuration of an eCopy ShareScan connector or an email inbox watcher with this Token Vault Authorization Provider.
  7. Enter your Application (Client) ID and Client Secret, which Microsoft Identity Platform (Azure Active Directory) provided during the application registration task.
  8. Select the proper account type from the Supported account types list according to the account type configured for the application registered for Token Vault on the Microsoft Identity Platform (Azure Active Directory).

    Enter your Microsoft 365 Tenant name if you selected the Single tenant account type.

  9. Select the proper national cloud from the National Cloud list if your organization uses a national cloud due to data residency or compliance requirements. Otherwise, keep the default Azure AD (global service) value.
  10. In the Scope Sets list, add the appropriate scope sets depending on which eCopy ShareScan connectors, email inbox watchers, or Notification service you want to configure with Microsoft 365 and modern authentication:
    • Add Exchange if you want to use this authorization provider for eCopy ShareScan Exchange connectors, an email inbox watcher via POP3, an email inbox watcher via IMAP, or the Notification service with Microsoft 365 and modern authentication.
    • Add SharePoint and SharePoint.MySite if you want to use this authorization provider for an eCopy ShareScan SharePoint connector configured with Microsoft 365 and modern authentication.
    • Also add Microsoft.Information.Protection if you want to use this authorization provider for an eCopy ShareScan SharePoint connector configured with Microsoft 365 modern authentication and sensitivity labels, when sensitivity labels without protection settings are configured and used in your SharePoint Online tenant.
    • Also add Azure.Rights.Management.Services if you want to use this authorization provider for an eCopy ShareScan SharePoint connector configured with Microsoft 365 modern authentication and sensitivity labels, when sensitivity labels with protection settings are also configured and used in your SharePoint Online tenant.
  11. Click Save.
  12. Click Enable under the Authorization Provider to enable it. To disable the Authorization Provider for users, click Disable.
  13. Click Edit if you want to modify any properties of the Authorization Provider.

At this point Token Vault is connected to Microsoft 365 and enabled for users to authorize.
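
Because the Redirect URI is generated from the Token Vault site URI that is open in the browser and must also be configured for the Microsoft 365 application, the URL used in step 1 determines whether the two agree. The following added example (not part of the product documentation; the function names and the /placeholder-path value are assumptions) checks a URL against the https://<FQDN>:<port>/ format and compares its origin with a registered redirect URI. Only scheme, host and port are compared, since the page does not show the redirect path.

```python
import ipaddress
from urllib.parse import urlsplit


def check_token_vault_url(url):
    """List deviations from the documented https://<FQDN>:<port>/ format."""
    problems = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("scheme is not https")
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP address, not an FQDN")
    except ValueError:
        # Not an IP literal: require at least two DNS labels
        # (this also rejects short names such as "localhost").
        if "." not in host.strip("."):
            problems.append("host is not fully qualified")
    try:
        _ = parts.port  # urlsplit validates the port lazily, on access
    except ValueError:
        problems.append("port is not a valid number")
    return problems


def origin(url):
    """Scheme, lower-cased host and effective port (443 when omitted)."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname or "", parts.port or 443)


def redirect_matches_site(site_url, registered_redirect_uri):
    """True when both URLs share one origin (the path is not compared)."""
    return origin(site_url) == origin(registered_redirect_uri)


if __name__ == "__main__":
    # Constructed sample values; "/placeholder-path" stands in for the real
    # path shown in the Redirect URI field of the provider page.
    registered = "https://tokenvaultmachine.testdomain.com:8381/placeholder-path"
    for site in ("https://tokenvaultmachine.testdomain.com:8381/",
                 "https://localhost:8381/",
                 "http://tokenvaultmachine:8381/"):
        print(site, check_token_vault_url(site),
              redirect_matches_site(site, registered))
```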