Microsoft Entra ID Integration

Overview

The Microsoft Entra ID (formerly Azure Active Directory) integration connects the Virtual-Call Cloud PBX with your organization's Microsoft 365 directory. Once set up, it provides three key capabilities: automatic user and extension provisioning from your Entra ID directory, Single Sign-On (SSO) for the Virtual-Call UC Client, and synchronization of Outlook contacts to users' UC Clients.

This integration is particularly useful for organizations that manage their users centrally in Microsoft 365, as it eliminates the need to create and maintain PBX extensions manually.

What the Integration Provides

• User Synchronization: Users and groups from Microsoft Entra ID are automatically synchronized to the Cloud PBX. Extensions are created and assigned automatically for new users. Changes made in Entra ID (name, email, job title) are reflected in the PBX automatically.
• Single Sign-On (SSO): Synchronized users can log in to the Virtual-Call UC Client using their Microsoft account credentials — no separate PBX password required.
• Outlook Contact Synchronization: Personal Outlook contacts and contacts from shared mailboxes are synchronized to the PBX and made available in the UC Client contact directory.
• Microsoft Teams Presence Synchronization: Users' Microsoft Teams presence status can be synchronized with the PBX.

Prerequisites

• An active Microsoft Entra tenant (Microsoft 365 subscription)
• A Microsoft account with Global Administrator privileges in your Microsoft Entra tenant
• Administrator access to the Virtual-Call Cloud PBX web portal

Setup Overview

The integration requires steps in both the Microsoft Entra admin center and the Cloud PBX web portal. The process is as follows:

Part 1: Register the Application in Microsoft Entra

1. Log in to the Cloud PBX web portal as an administrator.
2. Go to Integrations > Microsoft Entra ID.
3. Note the Redirect URI(s) displayed on the page — you will need these in the next steps.
4. In a separate browser tab, open the Microsoft Entra admin center and sign in with your Global Administrator account.
5. Go to Applications > App registrations and click New registration.
6. Configure the application registration:
   • Name: Enter a descriptive name (e.g., "Virtual-Call PBX Integration")
   • Supported account types: Select Accounts in this organizational directory only
   • Redirect URI: Select Web as the platform and paste the Redirect URI copied from the Cloud PBX portal
7. Click Register.

Part 2: Grant API Permissions

1. In your newly registered application, go to API permissions.
2. Click Add a permission and select Microsoft Graph.
3. Add the required permissions for user synchronization and contact access (Application permissions). The specific permissions required are listed in the Cloud PBX integration configuration page.
4. Click Grant admin consent to approve the permissions for your entire organization.

Part 3: Generate a Client Secret

1. In your application, go to Certificates & secrets > Client secrets.
2. Click New client secret.
3. Enter a description and select an expiry period, then click Add.
4. Important: Copy the secret Value immediately — it will only be shown once.

Part 4: Connect the PBX to Microsoft Entra ID

1. Return to the Cloud PBX web portal > Integrations > Microsoft Entra ID.
2. Enter the following details from your registered application:
   • Tenant ID: Found under the application's Overview page
   • Application (Client) ID: Found under the application's Overview page
   • Client Secret: The secret value you copied in the previous step
3. Click Save and then Test Connection to verify the connection is working.

User Synchronization

After the connection is established, configure which users to synchronize:

1. In the Cloud PBX web portal, go to Integrations > Microsoft Entra ID > User Synchronization.
2. Choose the synchronization scope:
   • All Users: Synchronize all users in your Entra tenant
   • Specific Groups: Only synchronize users belonging to selected Entra groups
   • Custom Filter: Use advanced filters to define which users to include
3. Configure how extensions are assigned to synced users (automatic numbering or based on a specific Entra attribute).
4. Click Save and then Sync Now to run the first synchronization.

Subsequent synchronizations run automatically. Any changes made to users in Entra ID (additions, modifications, or deletions) will be reflected in the PBX after the next sync.

Single Sign-On (SSO)

After the integration is connected, you can enable SSO so users can log in to the UC Client with their Microsoft credentials:

1. In the Cloud PBX web portal, go to Integrations > Microsoft Entra ID > SSO.
2. Enable the Allow SSO Login switch.
3. Ensure the SSO Redirect URI has been added to the Microsoft Entra application (as described in Part 1, step 3).
4. Click Save.

Once enabled, users will see a "Sign in with Microsoft" option on the UC Client login screen.

Outlook Contact Synchronization

To synchronize Outlook contacts from users' mailboxes to the PBX contact directory:

1. In the Cloud PBX web portal, go to Integrations > Collaboration.
2. Under Microsoft Outlook Contacts Synchronization, enable the switch.
3. Optional: Enable Shared Mailbox Contacts Synchronization and select which shared mailboxes to include.
4. Click Save.

Troubleshooting

• Test Connection fails.
  Verify that the Tenant ID, Client ID, and Client Secret are entered correctly. Ensure the client secret has not expired. Check that admin consent was granted for all required API permissions.
• Users are not synchronized after saving the configuration.
  Click Sync Now to trigger an immediate synchronization. Check the sync log for error details.
• SSO login does not work.
  Verify that the SSO Redirect URI is correctly added to the Entra application's redirect URIs. The URI must match exactly, including any trailing slashes.
• Synced users cannot log in with SSO.
  Ensure the user's email address in Entra ID matches the email address on their PBX extension. SSO matching is based on email address.