Deploy Sync App on AudioCodes Azure Subscription

The Delegated Token Synchronization App registration is used to secure a Token invitation link to the Invitation wizard for performing customer Onboarding for Direct Routing and Operator Connect services. You must add this registration on the service provider tenant’s Microsoft Entra ID for each managed UMP-365 instance. The registration includes the configuration of an Authentication Portal URL (Token Invitation link) to the Invitation wizard that is sent to the customer M365 tenant global admin email account (also accessible from the Pending Invitations page, see figure below). The registration also includes the configuration of a Redirect (OAuth2Callback) URL, which redirects the Microsoft authentication process back to Live Platform when the customer creates a new registration (Delegated Token or App registration) on their Microsoft Entra ID tenant from the Invitation wizard. This registration is then used to complete the Onboarding of the Direct Routing and Operator Connect services and for Background task replication synchronization in day-to-day operations.

This procedure is for creating the registration for a Service Provider on AudioCodes Azure subscription.
This is a global registration that is used by AudioCodes Professional Services for all AudioCodes Live Direct Routing and Operator Connect customers.
The domain names shown in the procedure below are examples only.
For each customer, a unique redirect URL is defined.
This procedure must be performed by new customers running a clean installation. For existing customers, the registration must be updated as described in Post Upgrade Actions.
This application does not require any M365 licenses.
If the Azure subscription is managed by the customer, see Deploy Sync App on Service Provider Azure Subscription.

Do the following:
1. Sign in to Microsoft Entra ID for the Service Provider operator tenant with Global Admin permissions.
2. Under Manage Azure Active Directory, select View.

3. In the Navigation pane, select Manage > App registrations.

4. Click New registration.

5. Enter the following details:
Name: App registration name
Select account type: Multiple Entra ID tenants
6. Click Register.
7. Navigate to the Overview page.

8. Copy the Application (client) ID value to notepad as it is configured later in this procedure.
9. Click the Add a Redirect URI link to add the Redirect URI. The Authentication (Preview) screen is displayed.

10. Click Add Redirect URI.

11. Select the Web option.

12. Enter the Redirect URL in the following format: https://<appname>.<serviceproviderFQDN>/authenticate/OAuth2Callback

For example: "https://umptoken.finebak.com/authenticate/OAuth2Callback"

where:

<appname> is the name of the Delegated Token app.
<serviceproviderFQDN> is the FQDN and registered subdomain of the Service Provider (see Setting up Fully Automatic DNS Provisioning).
“OAuth2Callback” is the name of the Token Authentication page inside the registered application.
The "https://umptoken.finebak.com/authenticate/OAuth2Callback" Redirect (OAuth2Callback) URL is used by Microsoft to redirect back to Live Platform during the creation of a new registration on the M365 customer tenant.
The "https://umptoken.finebak.com/authenticate" Authentication Portal URL is the Token Invitation link to the Invitation wizard that is sent to the global admin of the M365 customer tenant at the beginning of the onboarding process.
13. Copy the URL values to notepad as they are configured later in this procedure.
14. Under "Implicit grant and hybrid flows", select the following:
Access tokens (used for implicit flows)
ID tokens (used for implicit and hybrid flows)
15. Click Configure.

16. Click the Settings tab.

17. Enable Allow public client flows and then click Save.
18. In the Navigation pane, select Manage > Certificates & Secrets and then click New Client secret.

19. Enter Description, set Expires to 24 months and then click Add.
20. Copy the newly generated secret's value to notepad as it is configured later in this procedure.

Copy the value immediately to notepad as it is hashed after a short time.
If you use the Application registration to create additional services, a new secret should be created for each new service.
21. In the Multitenant portal, open the System Settings page (Configuration > UMPSystem Settings).
22. Paste the Application (client) ID, Client secret and Redirect (OAuth2Callback) URL that you saved to notepad to the respective fields, and then click Apply Changes.
23. Paste the Authentication portal URL that you saved to notepad and then click Apply Changes.
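
The following check is an added example, not AudioCodes code: it compares an exported registration against the settings chosen in this procedure and derives the Authentication Portal URL from the Redirect URL. It assumes the registration is available as a Microsoft Graph application object (property names are Graph's); the sample object, the `audit` and `portal_url` helpers and the 60-day warning window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample shaped like a Graph "application" object; values are placeholders.
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "isFallbackPublicClient": True,
    "web": {
        "redirectUris": ["https://umptoken.finebak.com/authenticate/OAuth2Callback"],
        "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                  "enableIdTokenIssuance": True},
    },
    "passwordCredentials": [{"displayName": "ump-sync (constructed)",
                             "endDateTime": "2027-01-15T00:00:00Z"}],
}

# https://<appname>.<serviceproviderFQDN>/authenticate/OAuth2Callback
REDIRECT_RE = re.compile(r"https://[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+/authenticate/OAuth2Callback")

def portal_url(redirect_uri):
    """Authentication Portal URL = Redirect URL without the callback page."""
    return redirect_uri.rsplit("/", 1)[0]

def audit(app, now, warn_days=60):
    """Return a list of deviations from the procedure (empty list = match)."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("account type is not multi-tenant")
    web = app.get("web", {})
    uris = web.get("redirectUris", [])
    if not uris:
        findings.append("no Web redirect URI configured")
    for uri in uris:
        if not REDIRECT_RE.fullmatch(uri):
            findings.append(f"redirect URI not in expected format: {uri}")
    grant = web.get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grant.get(flag):
            findings.append(f"{flag} is not enabled")
    if not app.get("isFallbackPublicClient"):
        findings.append("Allow public client flows is not enabled")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        if end - now < timedelta(days=warn_days):
            findings.append(f"secret '{cred.get('displayName')}' expired or expiring")
    return findings
```

Pass `now` as a timezone-aware UTC datetime; an empty result means the exported registration matches steps 5 through 19.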