Authentication Update - Spring 2026

Airmail2 Cloud is consolidating its authentication methods to OIDC, OpenID Connect.

The benefit is a single set of code for the supported identity providers: Microsoft, OKTA, OneLogin. In addition, there will be a single entry point (URI) for Airmail2 Cloud.

This requires a change to Microsoft Entra App Registration to support the Spring Update

Here is a description of the REQUIRED changes:

Authentication

New Redirect URI

- Add a Web redirect URI in the form - https://<customer>.airmail2.cloud/apiv3/signin-oidc

This WILL replace the existing single-page redirect URIs once deployment has completed.

-          /airmail2/

-          /airmail2console/

-          /airmail2hub/

Do NOT remove the existing redirects until after the Spring 2026 Update.

API Permissions

In addition to changing the redirects, we are also asking for new permissions to help streamline our onboarding process for OIDC type SSO. The following entries need to be added and consented to in Entra

·       offline_access – delegated

·       openid – delegated

·       profile – delegated

We will keep Group.Read.All and User.Read.All in place for the AD Sync service

Still need help? Contact Us Contact Us