Registering White label Microsoft Government Tenant

You can register the Live Platform Operation Center Application for Multitenancy setup with White label MS Entra Government Service Provider tenants. This enables your Live Platform users to login to Live Platform authenticating through the Microsoft Azure .US domain. You must add a registration on Microsoft Azure portal and then configure the Application (Client) Id and secret in the tenant details App Registration tab in Live Platform along with the White label FQDN for the managed entity. You must also add the Live Platform Admin user to the matching Enterprise application and assign it the Live Platform Admin role. When logging in to Live Platform Operation Center, the URL path includes the defined White label FQDN. This registration requires your to consent to the following permissions: 

Group.Read.All
openid; profile
User.Read
User.Read.All

This setup requires a license on the Azure US Domain and also you must ensure that the White-label FQDNs are added to your DNS server.

To register Live Platform application:
1. Login to Azure portal with Global Admin permissions for the White Label government tenant.
2. In the Navigation pane, select App registrations and then click New registration.

3. Enter the name of the MS Entra Government tenant.
4. Select the check box Accounts in any organizational directory (Any Microsoft Entra ID Tenant-Multitenant).
5. Under Redirect URI, add the Redirect URI for the Live Platform (see example above).
6. Click Register.

The newly registered application is displayed.

7. Note the Application (Client) ID and the Tenant ID as you need to configure them in Live Platform (see Adding Service Provider Tenants).
8. Double-click the new application i.e. usgov-saas-auth (in this example) to configure it.
9. In the Navigation pane, select Certificates & secrets.
10. Click New client secret.
11. Enter a description and from the drop-down list select 24 months.
12. Click Add.

13. Copy the secret Value to clipboard as its required in later configuration and cannot be retrieved once you leave this screen.
14. In the Navigation pane, select Authentication.

15. Under Implicit grant and hybrid flows, select Access tokens, and ID tokens check boxes.
16. Click Save.

17. In the Navigation pane, select Token configuration.

18. Click Add optional claim, choose ID type, upn optional claim, and then click Add to confirm.

19. Select the Turn on the Microsoft Graph profile permission check box and then click Add. This adds the Profile permission to the API permissions list.

This configuration assumes that all operators have been added to the Active Directory in UPN format e.g. Johnb@firm.com. If operators have been added in email format e.g. John.Brown@firm.com then they will not be able to connect to Live Platform in the multitenancy setup.

20. In the Navigation pane, select API permissions.

21. Click Add a permission and then click the Microsoft Graph link.

22. Click Delegated permissions.

23. Select permission User.Read.All and then click Add permissons.

24. Repeat the process to add the following permissions:
openid
Group.Read.All

The configured API permissions are displayed.

25. Click Grant admin consent for Audiocodes, Inc .

The permissions are granted as indicated by the green tick adjacent to each permission.

 

26. In the Navigation pane, select App roles.

27. Create an app role with Admin permissions:
In the Display Name field, enter Administrators or Admins
Select Users/Groups check box
Enter value OVOCAdmin
Select the Do you want to enable this app role check box.
Click Apply

28. Repeat the process described above to create an App role with Operator permissions with value OVOCOperator.

29. Repeat the above process to create an App role with Monitor permissions with value OVOCMonitor.

30. Repeat the above process to add an App role with OperatorLite permissions with value OVOCOperatorLite.

The new roles are displayed:

31. In the Live Platform Operation Center, in the Topology tree, edit the Service Provider tenant for which you wish to custom white-label.

32. In the General tab, enter the Tenant ID of the white-label tenant registration that you defined on Azure portal above.
33. Click the App Registration tab.

34. Configure the FQDN of the White Label FQDN. In the example above, 'gov-sp. trunkpack.com'.

The FQDN should be defined in the relevant DNS zone on Azure or another DNS server.

35. Select MS Entra Government.
36. Enter the credentials of the registration that you defined on the Azure portal above:
Microsoft Tenant ID
Azure Client ID
Azure Client Secret
37. Click OK.
38. In the Azure portal, open the Enterprise Application for the new White Label registration that you created above (it has the same name as the Application registration that you created above).

39. In the Navigation pane, click Users and groups.

40. Click Add user/group.

41. Select the user for which you wish to configure as Live Platform Service Provider Admin user, and then click Select.

42. Select the Administrator role and then click Select.

43. Click Assign.

The user assignment is displayed.

 

 

44. Login with the credentials of the Service Provider Admin user that you defined above. Note that the FQDN that you configured in the details for the Service Provider tenant in Live Platform is displayed in the login URL. In the Operator Actions menu, see the details of the logged in Service Provider administrator.