Microsoft Entra ID technical setup

This guide will take you through the technical requirements to send legal hold notices, preserve in place, and connect to your Entra ID to sync employee information. To do this, you need to create one application to link these functions. Use this guide when setting up the required syncs that Relativity needs to integrate with their system.

Organizations that prefer to pull employee information from another source can import employee information with a .csv file.

Microsoft settings for Legal Hold

You have two options when it comes to setting up email in Relativity Legal Hold.

  1. Use the Microsoft Graph API and an application registration in Azure.

  2. Use your Simple Mail Transfer Protocol (SMTP) server, which requires that you open certain ports.

Note: We recommend using the Microsoft Graph API and an application registration in Azure for ease of setup.

You can enter your email settings on the Legal Hold Settings tab in the Legal Hold workspace.

Relativity application registration requirements

The Graph API option for sending legal holds and the Active Directory Sync application rely on creating an application registration in Microsoft Azure. Only a Microsoft Application Administrator with access can create an application, find credentials, and delete an application. If you do not have permissions, contact your admin. Please refer to Microsoft documentation if needed.

The process consists of the following steps:

  1. Registering an Azure application for AD.

  2. Adding email settings.

  3. Adding Active Directory Sync settings.

Registering an Azure application and credentials

Complete the steps in this section to create an application registration that you need for email and for syncing to Active Directory. To create your application ID and secret, you must have Application Administrator privileges to log into your Azure Portal and register an app.

Store your application ID and secret in a safe place, as you will need them in Relativity.

Start registering your app by following the steps below:

Note: The person completing the application registration process needs to be an Azure Administrator with sufficient privileges.

  1. Open your Azure Portal.

  2. Click More Services.

  3. Search for and select Microsoft Entra ID (formerly known as Azure AD).

  4. In the left-navigation menu, click App registrations.

  5. Click New Registration.
    This will open the Register an application page.

  6. Enter an application name in the Name field.

  7. Select Accounts in this organizational directory only as the supported account type.

  8. Enter the redirect URL, http://localhost/, as the sign-on URL.

  9. Click Register.

For more information on registering an application in Azure, see Microsoft's documentation or Microsoft's authentication documentation.

From the app's page, add permissions to the web API. To add permissions, follow the steps below:

  1. Click API Permissions.

  2. Click Add a permission.

  3. Click Microsoft Graph.

  4. Select Delegated Permissions.

  5. Select the following options from the Delegated Permissions section:

    • Mail – Mail.Send

    • Mail - Mail.ReadWrite

    • User – User.Read

  6. Click Add Permission.

  7. Click Grant Permission.

  8. Select Application Permissions.

  9. Add the following permissions:

    • Directory - Read.All

    • Group - Read.All

    • User - Read.All

  10. Click Add permissions.

  11. Click Grant Permissions.

Finally, grant Admin consent for the API by following the steps below:

  1. Click the API Permissions tab.

  2. Click Grant admin consent for [tenant].

  3. In the pop-up window, click Accept.
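
The following added example, which is not part of the original guide or Relativity's code, audits the result of the permission steps above: it decodes a Microsoft Graph access token issued to the registered app and compares its roles (application) or scp (delegated) claims with the permissions listed in this section, reporting anything missing or granted beyond the list. It assumes the entries written as "Directory - Read.All" mean the full Graph names such as Directory.Read.All; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Permissions from the steps above, as full Graph permission names
# (assumption: "Directory - Read.All" on the page means Directory.Read.All, etc.).
EXPECTED_DELEGATED = {"Mail.Send", "Mail.ReadWrite", "User.Read"}
EXPECTED_APPLICATION = {"Directory.Read.All", "Group.Read.All", "User.Read.All"}
# Standard OpenID Connect scopes that can appear in scp and are not Graph data permissions.
IGNORED = {"openid", "profile", "email", "offline_access"}


def jwt_claims(token):
    """Decode the payload of a compact JWT without verifying it (audit use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token):
    """Report permissions that are missing from, or extra to, the expected set."""
    claims = jwt_claims(token)
    if "roles" in claims:  # app-only token: application permissions
        kind, granted, expected = "application", set(claims["roles"]), EXPECTED_APPLICATION
    else:  # user token: delegated scopes, space separated
        kind, granted, expected = "delegated", set(claims.get("scp", "").split()), EXPECTED_DELEGATED
    granted -= IGNORED
    return {
        "kind": kind,
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples: the app-only token lacks Group.Read.All and carries an extra role.
APP_TOKEN = make_sample_token({"roles": ["Directory.Read.All", "User.Read.All", "Mail.ReadWrite"]})
USER_TOKEN = make_sample_token({"scp": "openid profile Mail.Send Mail.ReadWrite User.Read"})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_TOKEN), ("delegated", USER_TOKEN)):
        print(name, audit_token(tok))
```

An "unexpected" entry means the registration holds more access than this guide calls for and is worth reviewing before the client secret is handed to another system.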

Setup information – email

Use the table below and the documentation for Outgoing Email Settings and Using the Graph API for communications as a guide for finding and entering information during the email settings setup.

| Field | Required information | Enter required information |
| --- | --- | --- |
| Application Client ID | Enter the Application Client ID created during registering the Legal Hold application in Microsoft 365. | |
| Application Client Secret | Enter the Application Client Secret value, not secret ID, created during registering the Legal Hold application in Microsoft 365. | |
| Domain address of Microsoft Azure instance | Enter the domain name of the Microsoft 365 tenant the collection is for. For example, [tenant ID].onmicrosoft.com. | |
| From Email Address | Leave blank, as Relativity will use the email Inbox that you authenticated with. | |
| Reply to Email Address | Leave blank, as Relativity will use the email Inbox that you authenticated with. | |

Setup Information – Entra ID employee information

Use the table below and the Importing from Microsoft Entra ID documentation as a guide for finding and entering information during Active Directory sync setup. Confirm that you installed the Integration Points and Microsoft Entra ID provider applications in your Relativity workspace before trying to sync with Entra ID.

| Integration Points setup fields | Enter required information |
| --- | --- |
| Application ID from Microsoft Azure | |
| Application Secret value from Microsoft Azure | |
| Domain address of Microsoft Azure instance | |
| Any filtering requirements used to filter imported data. Please discuss this with your Implementation Specialist. | Optional |

Determine the fields to sync with Relativity.

Required Fields

  • First Name

  • Last Name

  • Email Address

  • Employee ID

Suggested Fields

  • Department

  • Location

  • Phone Number

  • Custom fields

SMTP server information

If your organization cannot use the Graph API, you can configure Legal Hold with your company’s SMTP server.

Enter, or make note of, the following settings required to set up the integration with your company’s SMTP server.

| Information label | Description of required information | Enter required information |
| --- | --- | --- |
| User Name for SMTP | The username for the account on the SMTP server used for sending emails. This can be an email address, domain name, or username depending on the server settings. Even if you configure your SMTP server for anonymous authentication, you must input a value. For example, "anonymous." | |
| Password for SMTP | The password for the account on the SMTP server that Legal Hold uses for sending emails. Even if you configure your SMTP server for anonymous authentication, you must input a value. For example, "anonymous." | |
| Domain | The SMTP domain address. For example, "smtp.office365.com" | |
| SMTP Port | The SMTP port number. Note: Legal hold outgoing emails are designed to work with SMTP protocol on port 587. If you want to use any other SMTP ports like 25, 465, 2525, you must request Relativity to open that port in the RelativityOne instance. | |
| SSL (Y or N) | The Secure Sockets Layer. Select Yes to use Secure Sockets Layer security for SMTP. You should consult with your IT department if you are unsure whether your SMTP server uses SSL. | |
| From Email Address | The display name or email address you want to appear when sending communications from Relativity Legal Hold. When an employee receives a project communication, it will appear as if it was sent from the display name or address. For example, use the following verbiage "Display name <email@domain.com>." | |
| Reply to Email Address | The reply to email address. When an employee clicks reply to a project communication, their reply is sent to this address. See the From Email Address example above. | |
| Email Processor Type | Email services can use one of several options to interact with third-party applications. Consult with your IT department if you are unsure which email processor type to use alongside your mail server. | |

Microsoft Settings for preservation hold

Microsoft 365 admin account

To connect Relativity Legal Hold to your Microsoft 365 tenant, create a dedicated, non-personal Microsoft 365 service account. The settings for the account are:

Collecting required preservation information

If you intend to use preserve in place and Microsoft 365, you must create an account that has admin permissions. Below are the required credentials before you begin setting up preserve in place.

| Field | Field description | Required information |
| --- | --- | --- |
| Enable Modern Authentication | Select Yes. | |
| Organization | Enter the fully qualified domain name of your Microsoft tenant (organization), including the ".onmicrosoft.com" portion. For example, relativitytest.onmicrosoft.com. | |
| Application ID | Enter the Application ID that you created. | |
| Tenant ID | Enter the Tenant ID that you created. | |
| Certificate | Attach the self-signed certificate that you created. | |
| Certificate Password | Enter the password that protects the private key of the certificate that you created. | |
| Domain Name | Enter the Microsoft 365 Tenant name. The domain name is located between @ and .onmicrosoft.com. For example, the domain in ediscovery@relativity.onmicrosoft.com is relativity. | |
| Principal Client ID | Enter the Principal Client ID you created in SharePoint Discovery. Note: Only required if configuring SharePoint preservation. | |
| Principal Client Secret | Enter the Principal Client Secret you created in SharePoint Discovery. Note: Only required if configuring SharePoint preservation. | |