Authentication Update - Spring 2026

Airmail2 Cloud is consolidating its authentication methods to OIDC, OpenID Connect.

Now a single codebase will support Microsoft Entra , OKTA, and OneLogin.

The change also creates a single entry point (URI) for Airmail2 Cloud.

This requires an update to your Identity Provider App Registration

This document describes the process for Microsoft Entra. Contact support@docsolid.com for assistance with OKTA or OneLogin.


Application being updated - Airmail2 Cloud User Sync + Auth

Authentication

New Redirect URI

- Add a Web redirect URI in the form - https://<customerdomain>.airmail2.cloud/apiv3/signin-oidc

This WILL replace the existing single-page redirect URIs once deployment has completed.

-          /airmail2/

-          /airmail2console/

-          /airmail2hub/

Do NOT remove the existing redirects until after the Spring 2026 Update.

API Permissions

We also require new API Permissions to streamline the onboarding process for OIDC type SSO. The following entries need to be added and consented to in Microsoft Entra (see graphic below).

·       offline_access – delegated

·       openid – delegated

·       profile – delegated


NOTE: Make sure to click Grant admin consent for <Firm Name>


ANOTHER NOTE: Keep Group.Read.All and User.Read.All in place for the AD Sync service

Still need help? Contact Us Contact Us