Deploy Synchronization Application
The Synchronization Application Registration manages the automatic background synchronization between the Live Platform Multitenant portal and the customer’s Microsoft 365 platform (see Monitoring M365 Replication Actions Queue). You must add this registration under the Service Provider Tenant’s Azure subscription for each UMP device. In this procedure, a redirect URL is configured that is used as part of the token authentication for requesting email consent from the customer tenant to connect to their Microsoft Office 365 platform (see Grant Consent using only Token-based Authentication).
In this procedure, the Client ID and the Redirect URL must be configured in the Auth Tokens screen in the Multitenant portal interface (see Step below and described in Pending Invitations). Once this registration is finished, the details of the M365 user configured in this procedure are displayed in the Multitenant portal in the Microsoft 365 Settings screen (see Securing Microsoft 365 Service Provider Access).
Once you complete this registration, administrator roles must be assigned to the customer IT administrator who provides consent to Service Provider IT administrator for using the token authentication (see Grant Roles to Global admin Account).
|
●
|
This is a global registration that is used by AudioCodes Professional Services for all AudioCodes Live Direct Routing and Operator Connect customers. |
|
●
|
The domain names shown in the procedure below are examples only. |
|
●
|
For each customer, a unique redirect URL is defined. |
|
●
|
This procedure must be performed by new customers running a clean installation. For existing customers, the registration must be updated as described in Post Upgrade Actions. |
|
●
|
This application does not require any M365 licenses. |
|
1.
|
Sign-in to the Azure portal for the Service Provider operator tenant with Admin permissions. |
|
2.
|
Under Manage Azure Active Directory, select View. |
|
3.
|
In the Navigation pane, select App registrations. |
|
4.
|
Click New registration. |
|
5.
|
Enter the following details: |
|
●
|
Name: App registration name |
|
●
|
Select account type: Accounts in any organizational directory (Any Azure AD directory - Multitenant) |
|
7.
|
Navigate to the Overview page. |
|
8.
|
Copy the Application (client) ID value to notepad as its required later in the configuration. |
|
9.
|
Click the Add a Redirect URI link to add the Redirect URI. |
The Authentication screen is displayed.
|
10.
|
Under Platform configurations/Redirect URIs, click Add URI. |
|
11.
|
Enter the HTTPS URL of the UMP installation VM (e.g. https://livecloud.finebak.com/authenticate/OAuth2Callback) |
where:
|
●
|
“Finebak.com” is the FQDN of the Azure Virtual Machine where UMP is installed. |
|
●
|
“OAuth2Callback” is the name of the token authentication page inside the registered application. |
|
12.
|
Copy the URI to notepad as it is required later in the configuration. |
|
13.
|
Under Implicit grant and hybrid flows, select the following check boxes: |
|
●
|
Access tokens (used for implicit flows) |
|
●
|
ID tokens (used for implicit and hybrid flows) |
|
14.
|
Under Advanced Settings, set to Yes. |
Verify the MPN ID to ensure that the Consent dialog will automatically be set as a trusted application.
|
15.
|
Click Save to apply changes. |
|
16.
|
In the Navigation pane, select Certificates & Secrets and then click New Client secret. |
|
17.
|
Enter Description, set Expires to 24 months and then click Add. |
|
18.
|
Copy the newly generated secrets’ value to notepad. |
|
19.
|
In the Multitenant portal, open the Authentication Status page (Security > Authentication Status) and do the following: |
