Tutorial: Azure Active Directory integration with Mitel MiCloud Connect or CloudLink Platform

In this tutorial, you will learn how to use the Mitel Connect app to integrate Azure Active Directory (Azure AD) with Mitel MiCloud Connect or CloudLink Platform. The Mitel Connect app is available in the Azure Gallery. Integrating Azure AD with MiCloud Connect or CloudLink Platform provides you with the following benefits:

  • You can control users' access to MiCloud Connect apps and to CloudLink apps in Azure AD by using their enterprise credentials.
  • You can enable users on your account to be automatically signed in to MiCloud Connect or CloudLink (single sign-on) by using their Azure AD accounts.

Prerequisites

To configure Azure AD integration with MiCloud Connect, you need the following items:

  • An Azure AD subscription. If you don't have an Azure AD environment, you can get a free account.
  • A Mitel MiCloud Connect account or Mitel CloudLink account, depending on the application you want to configure.

Scenario description

In this tutorial, you'll configure and test Azure AD single sign-on (SSO).

  • Mitel Connect supports SP-initiated SSO.

To configure the integration of Mitel Connect into Azure AD, you need to add Mitel Connect from the gallery to your list of managed SaaS apps.

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
  2. On the left navigation pane, select the Azure Active Directory service.
  3. Navigate to Enterprise Applications and then select All Applications.
  4. To add a new application, select New application.
  5. In the Add from the gallery section, type Mitel Connect in the search box.
  6. Select Mitel Connect from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD SSO

In this section, you'll configure and test Azure AD SSO with MiCloud Connect or CloudLink Platform based on a test user named Britta Simon. For single sign-on to work, a link must be established between the user in the Azure AD portal and the corresponding user on the Mitel platform. Refer to the following sections for information about configuring and testing Azure AD SSO with MiCloud Connect or CloudLink Platform.

  • Configure and test Azure AD SSO with MiCloud Connect
  • Configure and test Azure AD SSO with CloudLink Platform

Configure and test Azure AD SSO with MiCloud Connect

To configure and test Azure AD single sign-on with MiCloud Connect:

  1. Configure MiCloud Connect for SSO with Azure AD - to enable your users to use this feature and to configure the SSO settings on the application side.
  2. Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
  3. Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
  4. Create a Mitel MiCloud Connect test user - to have a counterpart of Britta Simon on your MiCloud Connect account that is linked to the Azure AD representation of the user.
  5. Test SSO - to verify whether the configuration works.

Configure MiCloud Connect for SSO with Azure AD

In this section, you'll enable Azure AD single sign-on for MiCloud Connect in the Azure portal and configure your MiCloud Connect account to allow SSO using Azure AD.

To configure MiCloud Connect with SSO for Azure AD, it is easiest to open the Azure portal and the Mitel Account portal side by side. You'll need to copy some information from the Azure portal to the Mitel Account portal and some from the Mitel Account portal to the Azure portal.

  1. To open the configuration page in the Azure portal:

    1. On the Mitel Connect application integration page, select Single sign-on.

    2. In the Select a Single sign-on method dialog box, select SAML. The SAML-based sign-on page is displayed.

  2. To open the configuration dialog box in the Mitel Account portal:

    1. On the Phone System menu, select Add-On Features.

    2. To the right of Single Sign-On, select Activate or Settings.

    The Connect Single Sign-On Settings dialog box appears.

  3. Select the Enable Single Sign-On check box.

    Screenshot that shows the Mitel Connect Single Sign-On Settings page, with the Enable Single Sign-On check box selected.

  4. In the Azure portal, select the Edit icon in the Basic SAML Configuration section.

    Screenshot shows the Set up Single Sign-On with SAML page with the edit icon selected.

    The Basic SAML Configuration dialog box appears.

  5. Copy the URL from the Mitel Identifier (Entity ID) field in the Mitel Account portal and paste it into the Identifier (Entity ID) field in the Azure portal.

  6. Copy the URL from the Reply URL (Assertion Consumer Service URL) field in the Mitel Account portal and paste it into the Reply URL (Assertion Consumer Service URL) field in the Azure portal.

    Screenshot shows Basic SAML Configuration in the Azure portal and the Set Up Identity Provider section in the Mitel Account portal with lines indicating the relationship between them.

  7. In the Sign-on URL text box, type one of the following URLs:

    1. https://portal.shoretelsky.com - to use the Mitel Account portal as your default Mitel application
    2. https://teamwork.shoretel.com - to use Teamwork as your default Mitel application

    Note

    The default Mitel application is the application that is accessed when a user selects the Mitel Connect tile in the Access Panel. This is also the application accessed when doing a test setup from Azure AD.

  8. Select Save in the Basic SAML Configuration dialog box in the Azure portal.

  9. In the SAML Signing Certificate section on the SAML-based sign-on page in the Azure portal, select Download next to Certificate (Base64) to download the Signing Certificate and save it to your computer.

    Screenshot shows the SAML Signing Certificate pane where you can download a certificate.

  10. Open the Signing Certificate file in a text editor, copy all data in the file, and then paste the data in the Signing Certificate field in the Mitel Account portal.

    Screenshot shows the Signing Certificate field.

  11. In the Setup Mitel Connect section on the SAML-based sign-on page of the Azure portal:

    1. Copy the URL from the Login URL field and paste it into the Sign-in URL field in the Mitel Account portal.

    2. Copy the URL from the Azure AD Identifier field and paste it into the Entity ID field in the Mitel Account portal.

      Screenshot shows the relationship between the SAML-based sign-on page of the Azure portal and the Mitel Account portal.

  12. Select Save on the Connect Single Sign-On Settings dialog box in the Mitel Account portal.

Create an Azure AD test user

In this section, you'll create a test user in the Azure portal called B.Simon.

  1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
  2. Select New user at the top of the screen.
  3. In the User properties, follow these steps:
    1. In the Name field, enter B.Simon.
    2. In the User name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Click Create.

Assign the Azure AD test user

In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Mitel Connect.

  1. In the Azure portal, select Enterprise Applications, and then select All applications.
  2. In the applications list, select Mitel Connect.
  3. In the app's overview page, find the Manage section and select Users and groups.
  4. Select Add user, then select Users and groups in the Add Assignment dialog.
  5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the screen.
  6. If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, you see the "Default Access" role selected.
  7. In the Add Assignment dialog, click the Assign button.

Create a Mitel MiCloud Connect test user

In this section, you create a user named Britta Simon on your MiCloud Connect account. Users must be created and activated before using single sign-on.

For details about adding users in the Mitel Account portal, see the Adding a User article in the Mitel Knowledge Base.

Create a user on your MiCloud Connect account with the following details:

  • Name: Britta Simon
  • Business Email Address: brittasimon@<yourcompanydomain>.<extension>
    (Example: brittasimon@contoso.com)
  • Username: brittasimon@<yourcompanydomain>.<extension>
    (Example: brittasimon@contoso.com; the user’s username is typically the same as the user’s business email address)

Note

The user’s MiCloud Connect username must be identical to the user’s email address in Azure.

Test SSO

In this section, you test your Azure AD single sign-on configuration with the following options.

  • Click Test this application in the Azure portal. This redirects you to the Mitel Connect Sign-on URL, where you can initiate the login flow.

  • Go to the Mitel Connect Sign-on URL directly and initiate the login flow from there.

  • You can use Microsoft My Apps. When you click the Mitel Connect tile in My Apps, you are redirected to the MiCloud Connect Sign-on URL. For more information about My Apps, see Introduction to the My Apps.

Configure and test Azure AD SSO with CloudLink Platform

This section describes how to enable Azure AD SSO for CloudLink platform in the Azure portal and how to configure your CloudLink platform account to allow single sign-on using Azure AD.

To configure CloudLink platform with single sign-on for Azure AD, it is recommended that you open the Azure portal and the CloudLink Accounts portal side by side as you will need to copy some information from the Azure portal to the CloudLink Accounts portal and vice versa.

  1. To open the configuration page in the Azure portal:

    1. On the Mitel Connect application integration page, select Single sign-on.

    2. In the Select a Single sign-on method dialog box, select SAML. The SAML-based Sign-on page opens, displaying the Basic SAML Configuration section.

      Screenshot shows the SAML-based Sign-on page with Basic SAML Configuration.

  2. To access the Azure AD Single Sign On configuration panel in the CloudLink Accounts portal:

    1. Go to the Account Information page of the customer account with which you want to enable the integration.

    2. In the Integrations section, select + Add new. A pop-up screen displays the Integrations panel.

    3. Select the 3rd party tab. A list of supported third-party applications is displayed. Select the Add button associated with Azure AD Single Sign On, and select Done.

      Screenshot shows the Integrations page where you can add Azure AD Single Sign-On.

      The Azure AD Single Sign On is enabled for the customer account and is added to the Integrations section of the Account Information page.

    4. Select Complete Setup.

      Screenshot shows the Complete Setup option for Azure AD Single Sign-On.

      The Azure AD Single Sign On configuration panel opens.

      Screenshot shows Azure AD Single Sign-On configuration.

      Mitel recommends that the Enable Mitel Credentials (Optional) check box in the Optional Mitel credentials section is not selected. Select this check box only if you want the user to sign in to the CloudLink application using the Mitel credentials in addition to the single sign-on option.

  3. In the Azure portal, from the SAML-based Sign-on page, select the Edit icon in the Basic SAML Configuration section. The Basic SAML Configuration panel opens.

    Screenshot shows the Basic SAML Configuration pane with the Edit icon selected.

  4. Copy the URL from the Mitel Identifier (Entity ID) field in the CloudLink Accounts portal and paste it into the Identifier (Entity ID) field in the Azure portal.

  5. Copy the URL from the Reply URL (Assertion Consumer Service URL) field in the CloudLink Accounts portal and paste it into the Reply URL (Assertion Consumer Service URL) field in the Azure portal.

    Screenshot shows the relation between pages in the CloudLink Accounts portal and the Azure portal.

  6. In the Sign-on URL text box, type the URL https://accounts.mitel.io to use the CloudLink Accounts portal as your default Mitel application.

    Screenshot shows the Sign-on URL text box.

    Note

    The default Mitel application is the application that opens when a user selects the Mitel Connect tile in the Access Panel. This is also the application accessed when the user configures a test setup from Azure AD.

  7. Select Save in the Basic SAML Configuration dialog box.

  8. In the SAML Signing Certificate section on the SAML-based sign-on page in the Azure portal, select Download beside Certificate (Base64) to download the Signing Certificate. Save the certificate on your computer.

    Screenshot shows the SAML Signing Certificate section where you can download a Base64 certificate.

  9. Open the Signing Certificate file in a text editor, copy all data in the file, and then paste the data into the Signing Certificate field in the CloudLink Accounts portal.

    Note

    If you have more than one certificate, we recommend that you paste them one after the other.

    Screenshot shows Step two of the procedure where you fill in values from your Azure AD integration.

  10. In the Set up Mitel Connect section on the SAML-based sign-on page of the Azure portal:

    1. Copy the URL from the Login URL field and paste it into the Sign-in URL field in the CloudLink Accounts portal.

    2. Copy the URL from the Azure AD Identifier field and paste it into the IDP Identifier (Entity ID) field in the CloudLink Accounts portal.

      Screenshot shows the source for the values described here in Mitel Connect.

  11. Select Save on the Azure AD Single Sign On panel in the CloudLink Accounts portal.
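A pre-flight check for the text you paste into the Signing Certificate field, in either the Mitel Account portal or the CloudLink Accounts portal. This is an added example, not Microsoft or Mitel code: the function names are hypothetical, the sample certificates are constructed placeholder bytes rather than real certificates, and it assumes your identity provider displays a certificate thumbprint you can compare against.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def check_pasted_certificates(pasted):
    """Return (thumbprints, problems) for the text bound for the portal field."""
    thumbprints, problems = [], []
    for index, match in enumerate(PEM_BLOCK.finditer(pasted), start=1):
        body = "".join(match.group(1).split())  # drop PEM line breaks
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"certificate {index}: body is not valid Base64")
            continue
        # A DER-encoded X.509 certificate always starts with a SEQUENCE tag.
        if not der.startswith(b"\x30"):
            problems.append(f"certificate {index}: not a DER certificate")
            continue
        sha256 = hashlib.sha256(der).hexdigest().upper()
        if any(t["sha256"] == sha256 for t in thumbprints):
            problems.append(f"certificate {index}: duplicate of an earlier one")
            continue
        thumbprints.append(
            {"sha1": hashlib.sha1(der).hexdigest().upper(), "sha256": sha256})
    # Text outside the BEGIN/END markers means a truncated or dirty paste.
    if PEM_BLOCK.sub("", pasted).strip():
        problems.append("text outside BEGIN/END CERTIFICATE markers")
    if not thumbprints and not problems:
        problems.append("no certificate found")
    return thumbprints, problems


def constructed_pem(der):
    """Wrap placeholder bytes in PEM armor (sample data, not a real certificate)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


# Constructed placeholders that only mimic the leading SEQUENCE tag.
CERT_A = constructed_pem(b"\x30\x82\x01\x0a" + b"constructed-cert-A" * 12)
CERT_B = constructed_pem(b"\x30\x82\x01\x0a" + b"constructed-cert-B" * 12)

if __name__ == "__main__":
    print(check_pasted_certificates(CERT_A + CERT_B))  # two certificates
    print(check_pasted_certificates(CERT_A[:-30]))     # END line lost in copy
```

Run it on the contents of the downloaded Base64 file before pasting, and compare the reported thumbprint with the one your identity provider shows for the signing certificate.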

Create an Azure AD test user

In this section, you'll create a test user in the Azure portal called B.Simon.

  1. From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
  2. Select New user at the top of the screen.
  3. In the User properties, follow these steps:
    1. In the Name field, enter B.Simon.
    2. In the User name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Click Create.

Assign the Azure AD test user

In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Mitel Connect.

  1. In the Azure portal, select Enterprise Applications, and then select All applications.
  2. In the applications list, select Mitel Connect.
  3. In the app's overview page, find the Manage section and select Users and groups.
  4. Select Add user, then select Users and groups in the Add Assignment dialog.
  5. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the screen.
  6. If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, you see the "Default Access" role selected.
  7. In the Add Assignment dialog, click the Assign button.

This section describes how to create a test user named Britta Simon on your CloudLink platform. Users must be created and activated before they can use single sign-on.

For details about adding users in the CloudLink Accounts portal, see Managing Users in the CloudLink Accounts documentation.

Create a user on your CloudLink Accounts portal with the following details:

  • Name: Britta Simon
  • First Name: Britta
  • Last Name: Simon
  • Email: BrittaSimon@contoso.com

Note

The user's CloudLink email address must be identical to the User Principal Name in the Azure portal.
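The two matching rules in this tutorial (MiCloud Connect username equals the Azure email address; CloudLink email equals the Azure User Principal Name) can be checked before users try to sign in. The following is an added example, not Microsoft or Mitel code: the function name, report keys, and sample accounts are constructed, and it assumes you have exported the user lists from both sides. The page does not say whether the comparison is case-sensitive, so values that differ only in case or whitespace are reported separately for review.

```python
def audit_sso_identities(azure_users, mitel_logins, azure_field):
    """Compare Azure AD users with the logins that exist on the Mitel side.

    azure_field is "mail" for MiCloud Connect (username must equal the Azure
    email address) or "userPrincipalName" for CloudLink (email must equal UPN).
    """
    exact = set(mitel_logins)
    folded = {login.strip().casefold(): login for login in mitel_logins}
    report = {"linked": [], "near_miss": [], "missing_on_mitel": [],
              "no_azure_value": [], "mitel_only": []}
    matched = set()
    for user in azure_users:
        value = user.get(azure_field)
        if not value:
            # Nothing to match on, so SSO cannot link this account.
            report["no_azure_value"].append(user["userPrincipalName"])
        elif value in exact:
            report["linked"].append(value)
            matched.add(value)
        elif value.strip().casefold() in folded:
            # Differs only in case or whitespace, so it is not identical.
            near = folded[value.strip().casefold()]
            report["near_miss"].append((value, near))
            matched.add(near)
        else:
            report["missing_on_mitel"].append(value)
    # Mitel accounts with no Azure counterpart, e.g. left over after offboarding.
    report["mitel_only"] = sorted(exact - matched)
    return report


# Constructed sample data; field names follow Microsoft Graph user objects.
AZURE_USERS = [
    {"userPrincipalName": "B.Simon@contoso.com", "mail": "brittasimon@contoso.com"},
    {"userPrincipalName": "a.lee@contoso.com", "mail": "A.Lee@contoso.com"},
    {"userPrincipalName": "svc-scan@contoso.com", "mail": None},
]
MITEL_LOGINS = ["brittasimon@contoso.com", "a.lee@contoso.com",
                "former.employee@contoso.com"]

if __name__ == "__main__":
    print(audit_sso_identities(AZURE_USERS, MITEL_LOGINS, "mail"))
    print(audit_sso_identities(AZURE_USERS, MITEL_LOGINS, "userPrincipalName"))
```

Accounts reported under `mitel_only` deserve attention when the Enable Mitel Credentials option is selected, because they can still sign in without Azure AD.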

Test SSO

In this section, you test your Azure AD single sign-on configuration with the following options.

  • Click Test this application in the Azure portal. This redirects you to the CloudLink Sign-on URL, where you can initiate the login flow.

  • Go to the CloudLink Sign-on URL directly and initiate the login flow from there.

  • You can use Microsoft My Apps. When you click the Mitel Connect tile in My Apps, you are redirected to the CloudLink Sign-on URL. For more information about My Apps, see Introduction to the My Apps.

Next steps

Once you configure Mitel Connect, you can enforce session control, which protects against exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Cloud App Security.