Integrate Yeastar P-Series Cloud Edition with Microsoft Entra ID

This topic describes how to integrate Yeastar P-Series Cloud Edition with Microsoft Entra ID (Azure Active Directory) .

Requirements

  • Microsoft Entra ID Edition: Free, Office 365 apps, Premium P1, or Premium P2
  • PBX Server: Version 84.8.0.25 or later

Prerequisites

Before you begin, make sure the followings are ready:

  • Your organization already has an Microsoft Entra tenant.
  • Use a Microsoft account with Global Administrator privilege to implement the integration.

Procedure

Step1. Obtain redirect URIs from PBX

Obtain redirect URIs from Yeastar P-Series Cloud Edition, you will need the information when configuring a Microsoft Entra application for the integration.

  1. Log in to PBX web portal, go to Integrations > Collaboration.
  2. Click Integrate beside Microsoft 365.
  3. In the App Registration section, take note of the following redirect URIs.

    • Redirect URI: Used to specify the location to which you are redirected after the integration authentication is completed.
    • Client SSO Redirect URI: Used to set up the Single Sign-on (SSO) feature of Linkus UC Clients.

Step2. Register an application in Microsoft Entra tenant

Register a Microsoft Entra application that will be used to connect Yeastar P-Series Cloud Edition and Microsoft Entra ID.

  1. Log in to Microsoft Azure Portal with the Microsoft Global Administrator account.
  2. In the search bar, search and select Microsoft Entra ID service to enter your organization's directory.

  3. On the left navigation bar of organization's directory, go to App registrations, then click New registration.

  4. In the Register an application page, do as follows:

    1. Enter the registration information of the application.
      • Name: Specify a name to help you identify the application.
      • Supported account types: Select Accounts in this organizational directory only.
      • Redirect URI: In the Select a platform drop-down list, select Web, then paste the Redirect URI obtained from the PBX.
    2. Click Register.

      A Microsoft Entra application is registered successfully.

      The Application (client) ID and Directory (tenant) ID of the application is displayed on the Overview page. Note them down as you will need to fill them into the PBX later.

Step 3. (Optional) Add SSO redirect URI to the Microsoft Entra application

If you want to implement Single Sign-on (SSO) to allow the users synced from Microsoft Entra ID to log in to Linkus UC Clients by their Microsoft accounts, you need to add the Client SSO Redirect URI to the Microsoft Entra application.

  1. On the left navigation bar of the Microsoft Entra application, go to Authentication.

  2. Add the SSO Redirect URI of Linkus UC Clients.

    1. On the Authentication page, click Add URI in the Web section.
    2. Paste the Client SSO Redirect URI obtained from the PBX.
    3. Click Save.

Step 4. Grant permissions to the Microsoft Entra application

Grant the required API application permissions to the Microsoft Entra application, allowing the application to access specified data within Microsoft Entra ID.
  1. On the left navigation bar of the Microsoft Entra application, go to API permissions, then click Add a permission.

  2. In the Select an API page, go to Microsoft APIs > Microsoft Graph.

  3. Click Application permissions.

  4. Add the required application permissions:
    1. In the search bar, enter the keyword to search and select the following required permissions.

      Permission Description
      Directory > Directory.Read.All Allow the application to read data in your organization's directory, such as users and groups.
      User > User.Read.All Allow the application to read the profile properties of users in your organization.
      Group > Group.Read.All Allow the application to read group properties and memberships.
      Contacts > Contacts.Read Allow the application to read personal contacts.
      Presence > Presence.Read.All Allow the application to read users' presence information.
      Presence > Presence.ReadWrite.All Allow the application to set the state of users' presence.
    2. Click Add permissions.

      The selected permissions are added into the permissions list.

    3. Click Grant admin consent for... to grant the permissions to the application.

    4. In the pop-up dialog box, click Yes to proceed.

      The Status of the permissions changes to , indicating that the API permissions have been granted to the application successfully.

Step 5. Generate a client secret for the Microsoft Entra application

Generate a client secret for the Microsoft Entra application to authenticate the application in the integration.

  1. On the left navigation bar of the Microsoft Entra application, go to Certificates & secrets > Client secrets, then click New client secret.

  2. In the Add a client secret page, do as follows:
    1. Add a description and set an expiration date for the client secret.

    2. On the bottom of the page, click Add.

      A client secret is created and displayed in the Client secrets list.

  3. Note down the client secret's Value as you will need to fill it into the PBX later.
    Important: Record the client secret's value before leaving the page, as the key is only shown once. Otherwise, you will have to create a new secret.

Step 6. Connect PBX and Microsoft Entra ID

Fill the application ID and client secret gathered from the Microsoft Entra application into PBX to implement the integration between Yeastar P-Series Cloud Edition and Microsoft Entra ID.

  1. Log in to PBX web portal, go to Integrations > Collaboration.
  2. Click Integrate beside the Microsoft 365 service.
  3. In the App Registration section, enter the following information:
  4. In the Certificates & Secrets section, paste the client secret in the Client Secret field.
  5. Click Save.

    You are redirect to the Microsoft Sign-in page.

  6. Sign in with the Microsoft account that has Global Administrator privilege.

  7. You might be asked to provide an additional security confirmation. Click Next to complete it or skip for now.

  8. In the pop-up window, check the permissions and click Accept to confirm.
    Note: If your PBX server is 84.10.0.30 or later, you can grant consent on behalf of your organization in this page as needed.

  9. On the PBX configuration page, click OK to close the dialog box.

Result

The status of the integration displays Connected, indicating that the PBX is successfully connected to your organization's Microsoft Entra ID.

What to do next

Set up synchronization rules to synchronize the desired users and groups from Microsoft Entra ID to PBX. For more information, see the following topics: