Reference13r3:Concept App Service Connector for Microsoft 365: Difference between revisions
No edit summary |
No edit summary |
||
| Line 194: | Line 194: | ||
* If the URL is modified and the used build number is added, an app has answered your request | * If the URL is modified and the used build number is added, an app has answered your request | ||
** Example: <code>https://public.dns/your.domain/microsoft365/subscriptions</code> is modified to <code>https://public.dns/your.domain/microsoft365/<b>137786</b>/subscriptions</code> | ** Example: <code>https://public.dns/your.domain/microsoft365/subscriptions</code> is modified to <code>https://public.dns/your.domain/microsoft365/<b>137786</b>/subscriptions</code> | ||
** If this is not the case, your URL is wrong. (Be aware: The URL depends on the settings of the | ** If this is not the case, your URL is wrong. (Be aware: The URL depends on the settings of the web server path of your app instance) | ||
'''Be aware:''' The URL-Recognition in the Application Platform is '''case sensitive'''. | '''Be aware:''' The URL-Recognition in the Application Platform is '''case sensitive'''. | ||
= Known Issues = | |||
== Special Characters In Password == | |||
If you are using special characters (*, &, (, ), etc.) in you password you could possibly run into a problem with the authentication of the communication user.<br> | |||
The authentication failed status is beeing displayed. <br> | |||
For the moment the only workaround is to eliminate special characters from you password. | |||
= Related Articles = | = Related Articles = | ||
Revision as of 11:52, 24 July 2023
Applies To
- innovaphone PBX from version 13r3
Overview
Connector for Microsoft 365 synchronises Microsoft Teams presences with the innovaphone PBX and back.
Requirements
- innovaphone PBX
- innovaphone Application Platform
- App(Connector for Microsoft 365)
- PBX-App(innovaphone-microsoft365) license per user - order no. 02-00050-009
Concept
Configuration
Please have a look into our Howto guide for basic configuration aid.
Technical Overview
If the Connector for Microsoft 365 app is fully configured, the app connects to Microsoft to obtain a token. With the token, the app gets the teams users (with a Teams license) through the Microsoft Graph Api. A presence subscription to Microsoft is started with the licensed users of the PBX to get presence changes in Microsoft Teams for these users. A user subscription is also started to get changes of the users (adding, deleting or update). If a user has changed, the Teams users are retrieved again. If the presence has changed, it is forwarded to the PBX. The presences of Teams are mapped to the presences of the PBX.
- User subscriptions are renewed every 60 minutes.
- Presence subscriptions are renewed every 10 minutes.
- License Check is made before every presence subscription.
The app synchronises the PBX presence with Teams through the Graph Api. The on-the-phone presence will be renewed every 5 minutes. The other presences have a lifetime of 1 day but the away has a lifetime of 7 days. The lifetimes are described here
Please be aware: The actual change of presence or line state will be live, the above-mentioned subscriptions are needed to register against the Microsoft API for changes. After successful subscription Microsoft will trigger the Connector for Microsoft 365 App every time a presence or line state for a user has changed. The subscription will then be renewed in the above-mentioned time interval to receive further live updates.
User Matching
Until Version 13r3sr4
To match users we compare the Microsoft Name (technical "displayName") property with our PBX Long Name (cn) or The ID from the "Users Admin" App.
Since Version 13r3sr4
Since Service Release 4 of the Connector for Microsoft 365 App you now can choose the fields used for user matching on either side from the following options:
- PBX
- CN (Long Name property from the PBX user object)
- h323 (Name property from the PBX user object)
- Azure Portal
- displayName
- mailNickname
- onPremisesDistinguishedName
- onPremisesSamAccountName
- onPremisesUserPrincipalName
- userPrincipalName
Additionally, you have the possibility to remove a possibly contained domain from the Azure fields content.
Example: 'user@domain.tld' is transformed to 'user', if this option is checked.
Mapping Table
| Teams Presence | PBX Presence |
|---|---|
| Away | away |
| BeRightBack | away |
| Busy | busy |
| DoNotDisturb | dnd |
| InACall | on-the-phone |
| InAMeeting | meeting |
| Inactive | online |
| PresenceUnknown | online |
| Available | online |
| Offline | online |
| Offwork | online |
| OutOfOffice | away |
| UrgentInterruptionsOnly | dnd |
| Presenting | on-the-phone |
| InAConferenceCall | on-the-phone |
The value "online" unsets the Teams presence in the PBX.
Master/Slave
For Master/Slave combination the "Connector for Microsoft 365" App has to be added to the slave (if no full replication is on). The slave websocket connection is needed to display "on-the-phone" presence.
Related Articles
Known Limitation
Maximum number of supported users
Currently, only 650 users can be subscribed for the presence subscription.
This limitation is caused by Microsoft.
Trying to subscribe more than 650 users by using the presence subscription API will be declined by the graph API with an error message, that too many users are requested.
(The following article is also mentioning the limitation in the 3rd paragraph at bullet point 2: https://devblogs.microsoft.com/microsoft365dev/get-notified-of-presence-changes-the-microsoft-graph-presence-subscription-api-is-now-available-in-public-preview/)
For use cases with larger Environments:
If there are more than 650 active user with an active Microsoft Teams license in the environment, you can still use the Innovaphone license for the Connector For Microsoft 365 to select which users should be synchronized.
For now, you need to make sure not to assign more than 650 users with such an License in the PBX.
(Only users with an assigned license for the Connector For Microsoft 365 App will be subscribed.)
Communication User (UserSynctoPbx)
Users with MFA (multi-factor-authentication) are not supported as technical communication user for the Connector.
Subscription Timeout
Situation
Due to a current limitation in the Graph API it is not possible to cancel or delete an active presence subscription.
As you can see in the of the current Graph API (1.0) the “Delete subscription” chapter does not include presence subscriptions.
It is also not possible to have multiple subscription in parallel.
To make sure to only request a new presence subscription when the old one is not valid anymore, the app will store the state of the presence subscription and the time until it is valid in the database.
As mentioned in the chapter “Technical Overview” we are creating presence subscriptions with a validity of 10 minutes.
The presence subscription will be renewed as soon as it is no longer valid which will be 10 minutes after initial subscription.
Impact
If settings are changed or the app instance is restarted it will check the corresponding database entry on startup.
In case the last presence subscription was completed less than 10 minutes ago, there is still an active presence subscription and the app has to wait for it to become invalid.
Some Changes (e.g., to the “Notification-URL”) will only take effect after a new created subscription.
The current Beta Version of the Graph API is already providing a function to delete presence subscriptions, so we hope we can improve this behavior in the future.
Troubleshooting
Creating an app trace
For further analysis and creating a support ticket it will be useful to have a suitable app trace.
Before creating the trace please make sure the following trace flags are activated for the app instance:
- App
- Database
- HTTP client
- TLS
- TCP
- App WebSocket
- Config
- Webserver
After setting the config flags, please make sure to
- stop the instance
- deleting the current instance log
- start the instance
Now please wait 12 Minutes before you save the log, otherwise we could not have the whole picture in the trace.
GUI Feedback
The app itself shows required states with green and red as connections to the Master PBX, Authentication and Presence Subscription to identify if there are problems. Sometimes it needs a little bit time until the states are changed. If the states remain, it is mandatory to enable logs on the app platform and check for more information.
Teams License for communication user
If presence subscription does not work, please check if the configured user has a Microsoft Teams license and no multifactor authentication is in use for this particular user.
Sometime after changing setting or after the instance has restarted it can take up to 12 minutes until the presence subscription is working correctly.
SSL Certificate for notification URL
It also is useful to make sure the notification URL has a valid and public signed certificate.
You can do that, using an SSL-Checker, for example: https://www.sslshopper.com/ssl-checker.html
Without a valid, public signed certificate, Microsoft will decline the connection since it will not be possible to establish a trust relationship for the SSL/TLS secure channel.
Correctness of notification URL
You can try to open the notification URL in your Browser
Most likely you will see a HTTP 404 (Not Found) error message, which is the expected behavior since we are not providing an HTML website, the HTTP GET request from the browser will not be answered with content.
This is perfectly fine since Microsoft will send presence updates with HTTP POST and will not try to request content from our app.
What you can find out by trying to open the URL in your browser are the two following things:
- If you receive a HTTP 404 error message you are most likely connected to an App Platform, if not you need to check your DNS (and maybe also reverse proxy) settings.
- If the URL is modified and the used build number is added, an app has answered your request
- Example:
https://public.dns/your.domain/microsoft365/subscriptionsis modified tohttps://public.dns/your.domain/microsoft365/137786/subscriptions - If this is not the case, your URL is wrong. (Be aware: The URL depends on the settings of the web server path of your app instance)
- Example:
Be aware: The URL-Recognition in the Application Platform is case sensitive.
Known Issues
Special Characters In Password
If you are using special characters (*, &, (, ), etc.) in you password you could possibly run into a problem with the authentication of the communication user.
The authentication failed status is beeing displayed.
For the moment the only workaround is to eliminate special characters from you password.