Howto13r3:Configure User Presence Sync by Connector for Microsoft365: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
No edit summary
Line 71: Line 71:
* '''You have to configure application permission (Presence.ReadWrite.All) as shown in the picture'''
* '''You have to configure application permission (Presence.ReadWrite.All) as shown in the picture'''
* '''Grant access to the api permissions, if not possible you have to ask an admin'''
* '''Grant access to the api permissions, if not possible you have to ask an admin'''
[[Image:Azure_Select_Api-Permission.png|thumb|none|600px]]
[[Image:Azure_Select_Api-Permission_Application.png|thumb|none|600px]]


[[Image:APIPermission_Connector_for_Microsoft365_Sync_to_Teams.png|thumb|none|600px]]
[[Image:APIPermission_Connector_for_Microsoft365_Sync_to_Teams.png|thumb|none|600px]]

Revision as of 12:45, 6 June 2024

Applies To

This information applies to V13r3

More Information

This article outlines a configuration scheme for Connector for Microsoft365 functionality.
In Preparation you first will need to configure two Application in your Azure Portal (one for each direction).
After that you will install the App in your Application Platform, and configure everything.


System Requirements

  • Licenses innovaphone Connector for Microsoft 365 1 x user
  • account in Azure Portal of Microsoft (for technical communictaion, no permission role needed)
    • Must have a Teams License applied, more infos can be found here
    • Must not have multi factor authentication activated
  • Must have access from the internet to your App Platform
    • This can be done by using a reverse proxy or other firewall
  • The public endpoint must have a valid, public signed certificate (in order to make a trusted SSL connection from the Azure cloud to the Application Platform possible)
    • A valid certificate is required in all involved network entities - at least in the App Platform and if used in the Reverse Proxy; to ensure transmission of MS365 HTTPS POST requests to the app service in order to send notifications.
  • Admin account for Azure Portal (only necessary for granting needed permission for registered app during setup)

Installation

Configuration in Azure Portal

Create an App for syncing Teams to PBX

  • In the Azure Portal of Microsoft you have to add an app registration
  • You only have to give a name for the app
App Registration
  • Switch to the authentication on the left
  • You only have to configure allow public client flow
  • Switch to api permissions on the left
  • You have to configure delegated permissions (User.Read.All and Presence.Read.All) as shown in the picture
  • Grant access to the api permissions, if not possible you have to ask an admin

With these configurations you can configure the Connector for Microsoft365

  • Client ID as shown in the picture
  • Tenant ID as shown in the picture
  • User
  • Password

Create an App for syncing PBX to Teams

  • In the Azure Portal of Microsoft you have to add a new app registration
  • In the picture you can see that we have 2 values after that which we can use for the configuration of the app
  • Switch to Certificates & Secrets on the left
  • You only have to configure a client secret and save the value for the configuration of the app
  • Switch to api permissions on the left
  • You have to configure application permission (Presence.ReadWrite.All) as shown in the picture
  • Grant access to the api permissions, if not possible you have to ask an admin

Installing and configuring App Platform and PBX

Installing the connector app

  • First you need to install the connector app from the App Store:
  • Install the app by selecting
  1. All apps
  2. innovaphone AG
  3. innovaphone myApps Connector for Microsoft 365
  4. select the current Version
  5. Click install

Creating an instance for the connector app

  • For creating an Instance, in the AP Manager you need to
  1. select innovaphone myApps Connector for Microsoft 365
  2. click add
  • Insert the following information and save
  1. The technical Instance Name (we suggest microsoft365)
  2. Your Domain (This should be the domain you have already configured in your PBX and your Application Platform)
  3. define a password for the communication between the PBX and the app instance
  4. define a password for the communication between the app instance and the database

All other fieds should be filled automatically

Creating the PBX app object using the PBX Manager Plugin

  • Open the PBX Manager and
  1. select the AP InstanceName Tile
  2. Click Add an app
  • Specify the Name and the SIP (We suggest using microsoft365 for this technical names)

Add the admin app to a user or a template

To be able to configure the connector app, you need users to have access to the admin app.
You can achieve this by adding the app to a user, or to a template.
In this Howto - as an example - we will add the app to the Config Admin template.

  • In the PBX Manager
  1. select the Templates tile
  2. click on the Config Admin template
  • In the Config Admin template
  1. open Apps
  2. Check the app name checkbox
  3. Save the changes

Configure the connector with the admin app

Now your admins (designated groups or configured user) should have access to the connector admin app.

  • A user with access to the app can now see a new tile in the All Apps area
  • The name depends on the configured app name from the PBX Manager plugin
Synchronization from Teams to the PBX
  • First you will need to configure the inbound syn from Teams to PBX
  1. Master PBX - Set the name of your Master PBX (Not full DNS name, really just only the PBX name) Good: [pbx] Bad: [pbx.domain.tld]
  2. ClientIDSynctoPbx - Please insert the Application ID (Client ID) from Azure Portal from the in preparation created Teams to PBX app
  3. TenantSynctoPbx - Please insert the Directory ID (Tenand) from Azure Portal from the in preparation created Teams to PBX app
  4. UserSynctoPbx - Please insert the email address (login) from the communication user you are going to use for the communication with the Azure Portal (the user has to have a Teams license and must not have MFA activated, does not need any permission)
  5. PasswordSynctoPbx - Inset the communication users password
  6. Notification URL - You need to specify the address Microsoft can send presence updates to.
    1. You need to make sure that you define a URL where you can reach your App Platform from the public internet public.dns
    2. Next you need the domain you have configured in the app instance before (3.2.2) your.domain
    3. Next you need the name of the instance you have configured before (3.2.2) microsoft365
    4. The URL will always be terminated by subscriptions
  • https://public.dns/your.domain/microsoft365/subscriptions
    • After successful configuration and subscription the Microsoft services will connect to the specified Notification URL for presence and line state updates.
    • For this to work it is important to make sure that the specified Notification URL is reachable from the Microsoft services, meaning from the public internet.
  • Save your changes

It can take up to 10 Minutes until all check marks are green and the sync is working

Synchronization from the PBX to Teams
  • For the outbound synchronization you select from PBX to Teams in the admin app
  1. ClientIDSynctoTeams - Please insert the Application ID (Client ID) from Azure Portal from the in preparation created PBX to Teams app
  2. TenantSyncto Teams - Please insert the Directory ID (Tenand) from Azure Portal from the in preparation created PBX to Teams app
  3. ClientSecretSynctoTeams - Please insert the shared secret from the in preparation created PBX to Teams app
  • For the sync direction from PBX to Teams the app itself needs visibility permissions (presence, on-the-phone) for the users who are should be synced to Teams. The configuration tag is visibility for each user object.

Related Articles

Concept App Service Connector for Microsoft 365