Howto13r3:Configure User Presence Sync by Connector for Microsoft365: Difference between revisions
Revision as of 12:45, 6 June 2024
Applies To
This information applies to V13r3
More Information
This article outlines a configuration scheme for Connector for Microsoft365 functionality.
In preparation, you first need to configure two applications in your Azure Portal (one for each direction).
After that you will install the App in your Application Platform, and configure everything.
System Requirements
- Licenses: innovaphone Connector for Microsoft 365, 1 x user
- Account in the Azure Portal of Microsoft (for technical communication, no permission role needed)
  - Must have a Teams license applied; more information can be found here
  - Must not have multi-factor authentication activated
- The App Platform must be reachable from the internet
  - This can be done by using a reverse proxy or other firewall
  - The public endpoint must have a valid, publicly signed certificate (so that a trusted SSL connection from the Azure cloud to the Application Platform is possible)
  - A valid certificate is required on all involved network entities, at least on the App Platform and, if used, on the reverse proxy, so that the MS365 HTTPS POST requests that deliver notifications reach the app service.
- Admin account for the Azure Portal (only necessary for granting the needed permissions to the registered apps during setup)
Installation
Configuration in Azure Portal
Create an App for syncing Teams to PBX
- In the Azure Portal of Microsoft you have to add an app registration
- You only have to give a name for the app

- Switch to Authentication on the left
- You only have to enable "allow public client flow"

- Switch to API permissions on the left
- You have to configure delegated permissions (User.Read.All and Presence.Read.All) as shown in the picture
- Grant access to the API permissions; if that is not possible, you have to ask an admin



With these configurations in place, you can configure the Connector for Microsoft365 using:
- Client ID as shown in the picture
- Tenant ID as shown in the picture
- User
- Password

Create an App for syncing PBX to Teams
- In the Azure Portal of Microsoft you have to add a new app registration
- After that, the picture shows 2 values which we can use for the configuration of the app

- Switch to Certificates & Secrets on the left
- You only have to configure a client secret and save the value for the configuration of the app

- Switch to API permissions on the left
- You have to configure application permission (Presence.ReadWrite.All) as shown in the picture
- Grant access to the API permissions; if that is not possible, you have to ask an admin
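To confirm that each of the two app registrations ends up with exactly the permissions listed above and nothing broader, the following added example (not part of the original article and not innovaphone code) inspects the claims of an access token. It assumes the Microsoft identity platform issues JWT access tokens that carry delegated permissions in `scp` and application permissions in `roles`; the direction keys and the sample token are constructed for illustration.

```python
import base64
import json

# Permission sets named on this page; the direction keys are names chosen for this example.
EXPECTED = {
    "teams_to_pbx": ("scp", {"User.Read.All", "Presence.Read.All"}),  # delegated
    "pbx_to_teams": ("roles", {"Presence.ReadWrite.All"}),            # application
}
# OIDC sign-in scopes that can accompany delegated tokens; not Graph permissions.
OIDC = {"openid", "profile", "email", "offline_access"}

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def granted(claims, claim):
    """scp is a space-separated string, roles is a JSON array."""
    value = claims.get(claim) or []
    items = value.split() if isinstance(value, str) else value
    return set(items) - OIDC

def audit(token, direction):
    """Return findings; an empty list means exactly the page's permissions."""
    claim, expected = EXPECTED[direction]
    other = "roles" if claim == "scp" else "scp"
    claims = jwt_claims(token)
    have = granted(claims, claim)
    findings = [f"missing {p}" for p in sorted(expected - have)]
    findings += [f"excess {p} in {claim}" for p in sorted(have - expected)]
    findings += [f"unexpected {other} entry {p}" for p in sorted(granted(claims, other))]
    return findings

def make_sample(claims):
    """Build a constructed, unsigned sample token for offline use."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    wide = make_sample({"roles": ["Presence.ReadWrite.All", "Directory.ReadWrite.All"]})
    print(audit(wide, "pbx_to_teams"))
```

A "missing" finding usually means the permission was added but admin consent was not yet granted; an "excess" finding means the registration holds more than this setup needs.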



Installing and configuring App Platform and PBX
Installing the connector app
- First you need to install the connector app from the App Store:

- Install the app by selecting
  - All apps
  - innovaphone AG
  - innovaphone myApps Connector for Microsoft 365
  - Select the current version
  - Click install

Creating an instance for the connector app
- To create an instance, in the AP Manager you need to
  - select innovaphone myApps Connector for Microsoft 365
  - click add

- Insert the following information and save
  - The technical instance name (we suggest microsoft365)
  - Your domain (this should be the domain you have already configured in your PBX and your Application Platform)
  - Define a password for the communication between the PBX and the app instance
  - Define a password for the communication between the app instance and the database
All other fields should be filled automatically

Creating the PBX app object using the PBX Manager Plugin
- Open the PBX Manager and
  - select the AP InstanceName tile
  - click Add an app

- Specify the Name and the SIP (we suggest using microsoft365 for these technical names)

Add the admin app to a user or a template
To be able to configure the connector app, you need users to have access to the admin app.
You can achieve this by adding the app to a user, or to a template. 
In this Howto - as an example - we will add the app to the Config Admin template. 
- In the PBX Manager
  - select the Templates tile
  - click on the Config Admin template

- In the Config Admin template
  - open Apps
  - Check the app name checkbox
  - Save the changes

Configure the connector with the admin app
Now your admins (designated groups or configured user) should have access to the connector admin app. 
- A user with access to the app can now see a new tile in the All Apps area
- The name depends on the configured app name from the PBX Manager plugin

Synchronization from Teams to the PBX
- First you will need to configure the inbound sync from Teams to PBX
- Master PBX - Set the name of your Master PBX (not the full DNS name, only the PBX name) Good: [pbx] Bad: [pbx.domain.tld]
- ClientIDSynctoPbx - Please insert the Application ID (Client ID) from the Azure Portal of the Teams to PBX app created during preparation
- TenantSynctoPbx - Please insert the Directory ID (Tenant) from the Azure Portal of the Teams to PBX app created during preparation
- UserSynctoPbx - Please insert the email address (login) of the communication user you are going to use for the communication with the Azure Portal (the user has to have a Teams license and must not have MFA activated, does not need any permission)
- PasswordSynctoPbx - Insert the communication user's password
- Notification URL - You need to specify the address Microsoft can send presence updates to.
  - You need to make sure that you define a URL where you can reach your App Platform from the public internet: public.dns
  - Next you need the domain you have configured in the app instance before (3.2.2): your.domain
  - Next you need the name of the instance you have configured before (3.2.2): microsoft365
  - The URL will always be terminated by subscriptions
  - https://public.dns/your.domain/microsoft365/subscriptions
- After successful configuration and subscription the Microsoft services will connect to the specified Notification URL for presence and line state updates.
  - For this to work it is important to make sure that the specified Notification URL is reachable from the Microsoft services, meaning from the public internet.
- Save your changes

It can take up to 10 Minutes until all check marks are green and the sync is working
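The field rules above can be checked before saving. This is an added example, not part of the original article and not innovaphone code. The dictionary keys, the function name and the sample values are hypothetical; only the rules themselves (bare PBX name, GUID-shaped Application and Directory IDs, an https URL of the form public.dns/your.domain/microsoft365/subscriptions) come from this page.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Application (Client) ID and Directory (Tenant) ID are GUIDs in the Azure Portal.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_inbound(cfg, domain, instance):
    """Return a list of problems for the Teams-to-PBX settings (keys are hypothetical)."""
    problems = []
    if "." in cfg["master_pbx"]:
        problems.append("Master PBX must be the bare PBX name, not a DNS name")
    for key in ("client_id", "tenant"):
        if not GUID.match(cfg[key]):
            problems.append(f"{key} is not a GUID")
    url = urlsplit(cfg["notification_url"])
    if url.scheme != "https":
        problems.append("Notification URL must use https")
    host = url.hostname or ""
    try:
        ipaddress.ip_address(host)
        problems.append("Notification URL should use the public DNS name, not an IP address")
    except ValueError:
        if "." not in host:
            problems.append("Notification URL host is not a public DNS name")
    # The path is <domain>/<instance> and always ends in "subscriptions".
    if url.path != f"/{domain}/{instance}/subscriptions":
        problems.append(f"Notification URL path must be /{domain}/{instance}/subscriptions")
    return problems

# Constructed sample values for illustration only.
SAMPLE = {
    "master_pbx": "pbx",
    "client_id": "11111111-2222-3333-4444-555555555555",
    "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "notification_url": "https://public.dns/your.domain/microsoft365/subscriptions",
}

if __name__ == "__main__":
    print(check_inbound(SAMPLE, "your.domain", "microsoft365") or "settings look consistent")
```

The check is purely structural; whether the certificate chain is trusted and the URL is reachable from the Microsoft services still has to be tested from outside your network.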
Synchronization from the PBX to Teams
- For the outbound synchronization you select from PBX to Teams in the admin app
- ClientIDSynctoTeams - Please insert the Application ID (Client ID) from the Azure Portal of the PBX to Teams app created during preparation
- TenantSynctoTeams - Please insert the Directory ID (Tenant) from the Azure Portal of the PBX to Teams app created during preparation
- ClientSecretSynctoTeams - Please insert the shared secret of the PBX to Teams app created during preparation

- For the sync direction from PBX to Teams the app itself needs visibility permissions (presence, on-the-phone) for the users who should be synced to Teams. The configuration tag is visibility for each user object.