User Guide
Nitro PDF Pro Windows

Deploying Azure Information Protection (AIP)

This guide outlines the steps needed to set up Azure Information Protection in Nitro PDF Pro.

Step 1: Deploy Nitro Pro with Azure Information Protection enabled on the client side

  1. Download the Nitro Pro installer. 
  2. Install Nitro Pro: follow the installer steps as usual. 
  3. After Nitro Pro is installed: 
    1. Activate Nitro Pro 
    2. Close Nitro Pro 
    3. In the registry, enable AIP Classification and Labeling: 
      [Image: AIP 1.jpg]
      NOTE: The key must be enabled on each workstation where users need access to Azure Information Protection features within Nitro Pro.

Step 2: Log in to Azure from Nitro Pro as Azure Administrator

This step is required to add Nitro Pro to the Azure tenancy so that an Azure Administrator can grant Admin consent for the application.

  1. Restart Nitro PDF Pro.
  2. Wait for the SSO dialog to appear, then log in as an Azure Administrator.
    NOTE: If the current Windows user account does not have an associated email address, Nitro Pro will first prompt you to enter one before showing the SSO dialog.
  3. After a successful login, Nitro PDF Pro prompts you to accept User Consent. Accept it.
  4. At this point, Nitro PDF Pro is successfully logged in to Azure.

Step 3: Grant Nitro Pro Admin consent

  1. Login to as Azure Administrator 
  2. Go to Manage Azure Active Directory 
  3. Select “Enterprise applications” in the left side panel 
  4. Find “Nitro Pro” in the applications list and click on it 
  5. IMPORTANT: In the left side panel, click “Properties” 
    1. Ensure that Application ID is a98220f5-06d3-4bc5-9520-c7454eb24460 
    2. Ensure that “Enabled for users to sign-in?” is Yes 
  6. In the left side panel, click “Permissions” 
  7. Click “Grant Admin consent for <your tenant name>”. Azure will ask you to log in one more time as Azure Administrator. When login is successful, a consent dialog will appear. 
  8. Click Accept and the Admin consent for Nitro Pro will be added.

Explaining Nitro Pro permission request

| Permissions | Type | Description | Needed for feature | Notes |
|---|---|---|---|---|
| Azure Rights Management Service: | | | | |
| user_impersonation | Delegated | Create and access protected content for user | Azure Information Protection | Requested by MIP SDK when reading policy and labels. |
| Content.DelegatedWriter | Application | Create protected content on behalf of a user | Azure Information Protection | Requested by MIP SDK to protect a document. |
| Microsoft Information Protection Sync Services: | | | | |
| UnifiedPolicy.User.Read | Delegated | Read all unified policies a user has access to | Azure Information Protection | Requested by MIP SDK when reading policy and labels. |
| Microsoft Graph: | | | | |
| User.Read | Delegated | Sign in and read user profile | SharePoint Online, OneDrive, Azure Information Protection | Allows sign in, called "generally required" in MS docs. |
| Files.ReadWrite | Delegated | Have full access to user files | OneDrive, SharePoint Online | |
| | Delegated | Create, edit, and delete items and lists in site collections | SharePoint Online | Needed to upload files to SharePoint. |
| Offline_access | Delegated | Maintain access to data you have given it access to | OneDrive, SharePoint Online | Gives access to refresh tokens, called "generally required" in MS docs. |
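
After consent is granted, the Application ID and sign-in checks from Step 3 and the delegated permissions in the table above can be verified from an export of the tenant's consent grants. The following is an added example, not code from Nitro or Microsoft: it assumes the input dictionaries follow the Microsoft Graph servicePrincipal and oauth2PermissionGrant shapes, and the function name, sample object ids and sample grants are constructed for illustration. It covers delegated permissions only; Content.DelegatedWriter is an Application permission and is recorded as an app role assignment rather than a delegated grant.

```python
# Added example, not Nitro's or Microsoft's code. Input dicts mirror the Graph
# servicePrincipal and oauth2PermissionGrant resources; SAMPLE_* is constructed.
EXPECTED_APP_ID = "a98220f5-06d3-4bc5-9520-c7454eb24460"  # from Step 3, item 5
# Delegated scopes named in the permission table, per resource API. The table's
# unnamed SharePoint permission cannot be allowlisted, so it surfaces for review.
EXPECTED = {
    "Azure Rights Management Service": {"user_impersonation"},
    "Microsoft Information Protection Sync Services": {"unifiedpolicy.user.read"},
    "Microsoft Graph": {"user.read", "files.readwrite", "offline_access"},
}

def audit(sp, grants, resource_names):
    """Return findings; an empty list means the app matches the guide."""
    findings = []
    if sp.get("appId", "").lower() != EXPECTED_APP_ID:
        findings.append(f"appId mismatch: {sp.get('appId')}")
    if not sp.get("accountEnabled"):
        findings.append("application is disabled for user sign-in")
    granted = {}
    for g in grants:
        if g.get("clientId") != sp.get("id"):
            continue  # grant belongs to another application
        api = resource_names.get(g.get("resourceId"), "unknown resource")
        granted.setdefault(api, set()).update(g.get("scope", "").lower().split())
        if g.get("consentType") != "AllPrincipals":
            findings.append(f"{api}: per-user grant, not tenant-wide admin consent")
    for api in sorted(set(granted) | set(EXPECTED)):
        have, want = granted.get(api, set()), EXPECTED.get(api, set())
        findings += [f"{api}: undocumented scope {s}" for s in sorted(have - want)]
        findings += [f"{api}: documented scope {s} not granted" for s in sorted(want - have)]
    return findings

# Constructed sample: object ids are placeholders, not real tenant values.
SAMPLE_SP = {"id": "sp-nitro", "appId": EXPECTED_APP_ID, "accountEnabled": True}
SAMPLE_NAMES = {"res-rms": "Azure Rights Management Service",
                "res-sync": "Microsoft Information Protection Sync Services",
                "res-graph": "Microsoft Graph"}
SAMPLE_GRANTS = [
    {"clientId": "sp-nitro", "resourceId": "res-rms", "consentType": "AllPrincipals",
     "scope": "user_impersonation"},
    {"clientId": "sp-nitro", "resourceId": "res-sync", "consentType": "AllPrincipals",
     "scope": "UnifiedPolicy.User.Read"},
    {"clientId": "sp-nitro", "resourceId": "res-graph", "consentType": "AllPrincipals",
     "scope": "User.Read Files.ReadWrite offline_access Mail.Read"},
    {"clientId": "sp-other", "resourceId": "res-graph", "consentType": "AllPrincipals",
     "scope": "Directory.ReadWrite.All"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SP, SAMPLE_GRANTS, SAMPLE_NAMES):
        print(finding)
```

Any scope outside the documented set, including the SharePoint permission the table lists without a name, is reported so it can be compared against the consent dialog by hand.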