Configuring Azure Settings in OVOC Web

Service Provider  operators are authenticated directly with the Active Directory on the Azure Office 365 platform.

To configure Azure operator authentication settings:
1. Open the Authentication page (System > Administration > Security > Authentication) and from the 'Authentication Type' drop-down, select AZURE.

A screenshot of a computer Description automatically generated

2. From the 'Azure AD Path Type File' drop-down, select Organizations (default). OVOC can access Azure AD in the enterprise network if a standard service is purchased.
3. In the 'Azure Tenant ID' field, enter the Tenant ID of the Main Tenant.
4. In the 'Azure Client ID' field, enter the ID of the Azure AD client of the Main Tenant.
5. In the 'Azure Client Secret' field, enter the client secret of the Main Tenant.
6. In the screen section 'GW / SBC / MSBR Authentication', select the option 'Use AD Credentials for Device Page Opening' for the OVOC to sign operators in to AudioCodes devices using the same credentials they used to sign in to OVOC. The AudioCodes device will then perform authentication with the Azure AD and login to the device will be attempted with same AD user name / password instead of the local device user name / password. Note that the device must be also be configured to authenticate with the same AD.

When a Main Tenant operator attempts to connect to OVOC, OVOC verifies the mapped Azure User Group to which the operator is a member.

In the Tenant Details screen under the Operators tab, the parameter AD Authentication: Group Name points to the Azure group which includes the Main Tenant operators who are authorized to login to OVOC using this method.
If the Azure AD successfully validates that the operator belongs to the AD Authentication Group Name (see example below), its and allowed  access.

Graphical user interface, text, application Description automatically generated

Graphical user interface, application Description automatically generated

Graphical user interface, text, application Description automatically generated

7. In the screen section Authorization Level Settings, configure the user group names exactly as defined in Azure. When an operator is not assigned to a group on Azure, the parameter 'Default Operator Type and Security Level' is applied.

Graphical user interface, text, application, email Description automatically generated

Graphical user interface, text, application, email Description automatically generated

8. In the Tenant Details, enter the "Azure Tenant ID" of the external managed tenant as shown in the screen below.

Graphical user interface, application Description automatically generated

9. If you are managing channels, in the Channels Details, enter the "Azure Tenant ID" of the external managed tenant as  shown in the screen below.

Graphical user interface, text, application Description automatically generated