Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services using only one set of login credentials. The primary goal of SSO is to simplify the user experience by reducing the number of times a user has to log in when accessing different systems or services.
In a traditional authentication setup, each application or service requires its own set of credentials, leading to multiple login processes and the need to remember multiple usernames and passwords. SSO addresses this challenge by enabling users to log in once and access various systems or services without re-entering their credentials for each service individually.
To set up an OAuth 2.0 client with Microsoft, you must first register a new application by using App registrations in the Azure Portal.
1. From Azure Portal home, under 'Azure services', select 'Azure Active Directory'.
2. From the left side menu, select 'App registrations'.
3. Select 'New registration'.
4. Fill out the app info.
Please note the Redirect URI must be in this format:
domain_name/auth/azureadv2/callback
Once done, click ‘Register’.
5. To create a Client Secret, click ‘Certificates & Secrets’ in the left side menu and click ‘New client secret’.
6. Copy the Client Secret info.
7. On the Overview page, copy the Application (client) ID.
Both Client Secret and Application (client) ID are needed to complete the CloudPBX configuration.
8. Click ‘Authentication’ in the left side menu, and in the ‘Implicit grant and hybrid flows’ section, select the checkboxes for Access tokens and ID tokens, then click Save.
9. Click ‘API Permissions’ in the left side menu and click ‘Add a permission’.
10. In the pane that opens on the right side, select Microsoft Graph -> Delegated permissions and make sure to select all permissions available in the OpenId permissions section.
In addition, find the Users section and select the User.Read permission as well.
Click ‘Add permissions’.
NOTE: After you complete the configuration, if you experience any issues logging in using the Microsoft service, please navigate back to the API Permissions page and click the Grant admin consent for Default Directory button.
Log in to CloudPBX > Navigate to Tenant > Settings > Single Sign-On > Providers
Edit the required provider.
Enable: Enable the Microsoft Entra ID provider for Single Sign-On.
Client ID: The Client ID is obtained during the App configuration.
Client Secret: The Client Secret is obtained during the App configuration.
Tenant ID: Specify your Microsoft Entra ID Tenant ID, which can be copied from your Microsoft Entra ID instance. If left empty, the common tenant is used, which allows users from any Microsoft Entra ID tenant to authenticate.
Ensure that the other settings in CloudPBX are configured as required.
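The Tenant ID setting above decides whether the provider accepts ID tokens from every Microsoft Entra ID tenant or only from yours. The following Python example, added here and not part of CloudPBX or the original page, shows the claim checks a relying party performs on an Entra ID v2.0 ID token and how the outcome differs between an empty Tenant ID (common endpoint) and a pinned one. The client ID, tenant IDs and tokens are constructed sample values; the issuer format `https://login.microsoftonline.com/{tenant}/v2.0` is the one Entra ID uses for v2.0 tokens. Signature verification against the tenant's JWKS is a prerequisite that is deliberately not shown, because it needs network access; nothing in this block should be trusted until that has been done.

```python
import base64
import json
from typing import List, Optional

# Constructed sample values for this example (not from the page): the client
# ID of the registered app and the tenant the CloudPBX deployment should trust.
EXPECTED_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
HOME_TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
FOREIGN_TENANT_ID = "99999999-8888-7777-6666-555555555555"
NOW = 1_700_000_000  # fixed clock so the example is deterministic


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_id_token(tenant_id: str, client_id: str, exp: int) -> str:
    """Build a JWT-shaped test token carrying the claims Entra ID v2.0 issues.
    The signature segment is left empty: this is constructed test input, and
    production code must verify the signature against the tenant's JWKS
    before trusting any claim below."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {
        "iss": f"https://login.microsoftonline.com/{tenant_id}/v2.0",
        "tid": tenant_id,
        "aud": client_id,
        "exp": exp,
        "preferred_username": "user@example.com",  # constructed
    }
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "",  # signature omitted in this demo
    ])


def id_token_claims(token: str) -> dict:
    """Split a compact JWT and return its payload claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: dict, client_id: str,
                    tenant_id: Optional[str], now: int) -> List[str]:
    """Return the reasons to reject the token (empty list means accept).
    tenant_id=None mirrors leaving the Tenant ID setting empty: the common
    endpoint is used and any Entra ID tenant's users pass the tenant check."""
    problems: List[str] = []
    if claims.get("aud") != client_id:
        problems.append("aud does not match the registered client ID")
    if int(claims.get("exp", 0)) <= now:
        problems.append("token has expired")
    tid = claims.get("tid")
    iss = claims.get("iss")
    if tenant_id is None:
        # Common endpoint: the issuer must still be the Entra ID v2.0 issuer
        # for the tenant named in the token, but any tenant is allowed.
        if iss != f"https://login.microsoftonline.com/{tid}/v2.0":
            problems.append("iss does not match tid")
    else:
        if tid != tenant_id:
            problems.append(f"tid {tid} is not the configured tenant")
        if iss != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
            problems.append("iss is not the configured tenant's issuer")
    return problems


HOME_TOKEN = make_demo_id_token(HOME_TENANT_ID, EXPECTED_CLIENT_ID, NOW + 3600)
FOREIGN_TOKEN = make_demo_id_token(FOREIGN_TENANT_ID, EXPECTED_CLIENT_ID, NOW + 3600)


def check(token: str, tenant_setting: Optional[str]) -> List[str]:
    """Validate a token under a given Tenant ID setting (None = left empty)."""
    return validate_claims(id_token_claims(token), EXPECTED_CLIENT_ID, tenant_setting, NOW)


if __name__ == "__main__":
    # Tenant ID empty: both the home tenant's and a foreign tenant's users pass.
    print("common, home   :", check(HOME_TOKEN, None))
    print("common, foreign:", check(FOREIGN_TOKEN, None))
    # Tenant ID set: only the configured tenant is accepted.
    print("pinned, home   :", check(HOME_TOKEN, HOME_TENANT_ID))
    print("pinned, foreign:", check(FOREIGN_TOKEN, HOME_TENANT_ID))
```

With the Tenant ID left empty, the foreign tenant's token passes every check, which is the behaviour the setting describes; pinning the Tenant ID rejects it on both `tid` and `iss`. If the deployment is meant for a single organisation, setting the Tenant ID is the check that enforces that.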