Create an Azure AD Application

Before you configure PIM to use the Azure SMTP Client mail flow provider, you need to add and configure a PIM Email application registration within your instance of Azure AD. This provides PIM's system mailbox logon with a refreshable authentication token.

Prerequisites: Before you configure your PIM system to use the Azure SMTP Client mail provider, ensure you have read the information in the Preparation topic.

To add and configure the PIM Email app registration in Azure AD:

  1. Go to the Azure portal by visiting https://portal.azure.com.
  2. Select Azure Active Directory.
  3. In the left-hand menu, from the Manage menu, select App registrations.
  4. On the App Registrations screen, click + New registration.
  5. On the Register an application screen, do the following:
    1. In the Name field, enter Deltek PIM Email.
    2. Under Supported account types, select Accounts in this organization directory only.
    3. Under Redirect URI (Optional), select Web, and then enter your customer URL followed by the relative redirection endpoint:
       XWeb/Security/IdentityProviderCallback.ashx?provider=Microsoft&applicationType=Email

      For example, the URL will look like this:

       https://yourPIMsitename.yourDomain.com/XWeb/Security/IdentityProviderCallback.ashx?provider=Microsoft&applicationType=Email
    4. Click Register to create and save the application.
  6. From the Manage menu, select Authentication.
  7. On the Authentication screen, under Redirect URIs (which you populated in step 5), do the following:
    1. In the Implicit grant and hybrid flows section, select both the Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows) options.
    2. In the Supported account types section, select the Accounts in this organizational directory only option.
    3. In the Advanced Settings section, under Allow public client flows, set the Enable following mobile and desktop flows option to No.
    4. Click Save.
  8. From the App Registrations menu, select Certificates & Secrets, and do the following:
    1. On the Certificates and Secrets screen, navigate to the Client Secrets tab and click + New client secret.
    2. In the Description field, enter Deltek PIM Email.
    3. Under Expires, Deltek recommends that you select 24 Months. Alternatively, click Custom to set a custom expiration timeframe that suits your organization's requirements.
      If you choose a shorter timeframe than the recommended 24 months, schedule a calendar reminder to renew the secret at least one month before the expiration date to prevent login errors.
    4. Click Add to generate the secret value.
      To save time later, click the clipboard icon next to the secret and paste it into a text file. This value is required when you configure the Azure SMTP provider in PIM.
  9. From the App Registrations menu, select API Permissions, and then do the following:
    If you have already registered with a Microsoft Graph > User.Read delegated permission, you can skip this step.
    1. Click Add a Permission.
    2. In the right-hand panel, under the Microsoft APIs tab, select Microsoft Graph.
      This option displays as a large tile at the top of the list.
    3. Select the Delegated Permissions type.
    4. Use the Select Permissions filter to find and select the following permissions: Offline Access, OpenID, Profile, and SMTP Send.

After you create an Azure AD application, you can now Configure PIM to Use the Azure SMTP Client Mail Provider.
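
To confirm that the registration still matches steps 5, 7 and 8 and that the client secret is not within a month of expiring, the settings can be checked from an exported copy of the application object. This is an added example, not Deltek's code: it assumes the export is a Microsoft Graph application object in JSON, and `check_registration` and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Relative redirection endpoint from step 5 of the procedure.
CALLBACK = "/XWeb/Security/IdentityProviderCallback.ashx?provider=Microsoft&applicationType=Email"

def check_registration(app, now, warn_days=30):
    """Compare a Graph application object with the settings in this procedure."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # step 5.2: this directory only
        findings.append("account types: not limited to this organization")
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if not any(u.startswith("https://") and u.endswith(CALLBACK) for u in uris):
        findings.append("redirect URI: PIM email callback missing")
    grants = web.get("implicitGrantSettings") or {}
    for key in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):  # step 7.1
        if not grants.get(key):
            findings.append(f"implicit grant: {key} is off")
    if app.get("isFallbackPublicClient"):  # step 7.3: must be No
        findings.append("public client flows: enabled")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("client secret: none present")
    for s in secrets:
        # Graph reports UTC; keep whole seconds so fractional digits never matter.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end - now <= timedelta(days=warn_days):  # step 8.3: renew a month ahead
            findings.append(f"client secret: renew before {end.date()}")
    return findings

# Constructed sample: a registration that drifted from the documented settings.
SAMPLE = json.loads("""{
  "displayName": "Deltek PIM Email",
  "signInAudience": "AzureADMultipleOrgs",
  "isFallbackPublicClient": true,
  "web": {
    "redirectUris": ["https://yourPIMsitename.yourDomain.com/XWeb/Security/IdentityProviderCallback.ashx?provider=Microsoft&applicationType=Email"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": true, "enableIdTokenIssuance": true}
  },
  "passwordCredentials": [{"displayName": "Deltek PIM Email", "endDateTime": "2026-03-20T00:00:00.0000000Z"}]
}""")

if __name__ == "__main__":
    for finding in check_registration(SAMPLE, datetime(2026, 3, 1, tzinfo=timezone.utc)):
        print(finding)
```

An empty result means the exported settings match the procedure and no secret expires within the warning window.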