Integrate Yeastar P-Series Cloud Edition with Azure Active Directory

This topic describes how to integrate Yeastar P-Series Cloud Edition with Azure Active Directory (Azure AD).

Requirements

  • Azure Active Directory Edition: Free, Office 365 apps, Premium P1, or Premium P2
  • PBX Server: Version 84.8.0.25 or later

Prerequisites

Before you begin, make sure the followings are ready:

  • Your organization already has an Azure Active Directory tenant.
  • Use a Microsoft Azure account with Global Administrator privilege to implement the integration.

Procedure

Step1. Obtain redirect URIs from PBX

Obtain redirect URIs from Yeastar P-Series Cloud Edition, you will need the information when configuring an Azure AD application for the integration.

  1. Log in to PBX web portal, go to Integrations > Collaboration.
  2. Click Integrate beside the Microsoft 365.
  3. In the App Registration section, take note of the following redirect URIs.

    • Redirect URI: Used to specify the location to which you are redirected after the integration authentication is completed.
    • Linkus Web Client SSO Redirect URI: Used to set up the Single Sign-on (SSO) feature of Linkus Web Client.

Step2. Register an application in Azure AD tenant

Register an Azure AD application that will be used to connect Yeastar P-Series Cloud Edition and Azure AD.

  1. Log in to Microsoft Azure Portal with the Microsoft Azure Global Administrator account.
  2. In the search bar, search and select Azure Active Directory service to enter your organization's directory.

  3. On the left navigation bar of organization's directory, go to App registrations, then click New registration.

  4. In the Register an application page, do as follows:

    1. Enter the registration information of the application.
      • Name: Specify a name to help you identify the application.
      • Supported account types: Select Accounts in this organizational directory only.
      • Redirect URI: In the Select a platform drop-down list, select Web, then paste the Redirect URI obtained from the PBX.
    2. Click Register.

      An Azure AD application is registered successfully.

      The Application (client) ID and Directory (tenant) ID of the application is displayed on the Overview page. Note them down as you will need to fill them into the PBX later.
      Note: The Directory (tenant) ID is required if your PBX server is 84.10.0.30 or later.

Step3. (Optional) Add SSO redirect URI to the Azure AD application

If you want to implement Single Sign-on (SSO) to allow the synced Azure AD users to log in to Linkus Web Client by their Microsoft accounts, you need to add the Linkus Web Client SSO Redirect URI to the Azure AD application.

  1. On the left navigation bar of the Azure AD application, go to Authentication.

  2. Add the SSO Redirect URI of Linkus Web Client.

    1. On the Authentication page, click Add URI in the Web section.
    2. Paste the Linkus Web Client SSO Redirect URI obtained from the PBX.
    3. Click Save.

Step4. Grant permissions to the Azure AD application

Important: You DO NOT need to perform this step if your PBX server is 84.10.0.30 or later.
Grant the required API application permissions to the Azure AD application, allowing the application to access specified data within Azure Active Directory.
  1. On the left navigation bar of the Azure AD application, go to API permissions, then click Add a permission.

  2. In the Select an API page, go to Microsoft APIs > Microsoft Graph.

  3. Click Application permissions.

  4. Add the required application permissions:
    1. In the search bar, enter the keyword to search and select the following required permissions.

      Permission Description
      Directory > Directory.Read.All Allow the application to read data in your organization's directory, such as users and groups.
      User > User.Read.All Allow the application to read the profile properties of users in your organization.
      Group > Group.Read.All Allow the application to read group properties and memberships.
    2. Click Add permissions.

      The selected permissions are added into the permissions list.

    3. Click Grant admin consent for... to grant the permissions to the application.

    4. In the pop-up dialog box, click Yes to proceed.

      The Status of the permissions changes to , indicating that the API permissions have been granted to the application successfully.

Step5. Generate a client secret for the Azure AD application

Generate a client secret for the Azure AD application to authenticate the application in the integration.

  1. On the left navigation bar of the Azure AD application, go to Certificates & secrets > Client secrets, then click New client secret.

  2. In the Add a client secret page, do as follows:
    1. Add a description and set an expiration date for the client secret.

    2. On the bottom of the page, click Add.

      A client secret is created and displayed in the Client secrets list.

  3. Note down the client secret's Value as you will need to fill it into the PBX later.
    Important: Record the client secret's value before leaving the page, as the key is only shown once. Otherwise, you will have to create a new secret.

Step6. Connect PBX and Azure AD

Fill the application ID and client secret gathered from the Azure AD application into PBX to implement the integration between Yeastar P-Series Cloud Edition and Azure Active Directory.

  1. Log in to PBX web portal, go to Integrations > Collaboration.
  2. Click Integrate beside the Microsoft 365 service.
  3. In the App Registration section, enter the following information:
  4. In the Certificates & Secrets section, paste the client secret in the Client Secret field.
  5. Click Save.

    You are redirect to the Microsoft Sign-in page.

  6. Sign in with the Microsoft Azure account that has Global Administrator privilege.

  7. You might be asked to provide an additional security confirmation. Click Next to complete it or skip for now.

  8. In the pop-up window, check the permissions and click Accept to confirm.
    Note: If your PBX server is 84.10.0.30 or later, you can grant consent on behalf of your organization in this page as needed.

  9. On the PBX configuration page, click Yes to close the dialog box.

Result

The status of the integration displays Connected, indicating that the PBX is successfully connected to your organization's Azure Active Directory.

What to do next

Set up synchronization rules to synchronize the desired Azure AD users and groups to PBX. For more information, see the following topics: