Configure and Test Azure AD Single Sign-On

This section describes how to configure and test Azure AD single sign-on with MiCloud Connect based on a test user named Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in MiCloud Connect needs to be established.

To configure and test Azure AD single sign-on with MiCloud Connect, you need to complete the following steps:

  1. Configure MiCloud Connect for Single Sign-On with Azure AD - to enable your users to use this feature and to configure the SSO settings on the application side.

  2. Create an Azure AD Test User - to test Azure AD single sign-on with Britta Simon.

  3. Assign the Azure AD Test User - to enable Britta Simon to use Azure AD single sign-on.

  4. Create a MiCloud Connect Test User - to have a counterpart of Britta Simon on your MiCloud Connect account that is linked to the Azure AD representation of the user.

  5. Test Single Sign-On - to verify that the configuration works.

Configure MiCloud Connect for Single Sign-On with Azure AD

This section describes how to enable Azure AD single sign-on for MiCloud Connect in the Azure portal and how to configure your MiCloud Connect account to allow SSO using Azure AD.

To configure MiCloud Connect with SSO for Azure AD, it is easiest to open the Azure portal and the Mitel Account portal side-by-side. You will need to copy some information from the Azure portal to the Mitel Account portal and some from the Mitel Account portal to the Azure portal.

  1. To open the configuration page in the Azure portal, do the following:

    1. On the Mitel Connect application integration page, click Single sign-on.

    2. In the Select a Single sign-on method dialog, click SAML.

    The SAML-based sign-on page is displayed.

  2. To open the configuration dialog in the Mitel Account portal, do the following:

    1. On the Phone System menu, click Add-On Features.

    2. To the right of Single Sign-On, click Activate or Settings.

    The Connect Single Sign-On Settings dialog box appears.

  3. Select the Enable Single Sign-On check box.

  4. In the Azure portal, click the Edit icon in the Basic SAML Configuration section.

    The Basic SAML Configuration dialog box appears.

  5. Copy the URL from the Mitel Identifier (Entity ID) field in the Mitel Account portal and paste it into the Identifier (Entity ID) field in the Azure portal.

  6. Copy the URL from the Reply URL (Assertion Consumer Service URL) field in the Mitel Account portal and paste it into the Reply URL (Assertion Consumer Service URL) field in the Azure portal.

  7. In the Sign on URL text box, type one of the following URLs:

    NOTE: The default Mitel application is the application accessed when a user clicks on the Mitel Connect tile in the Access Panel. This is also the application accessed when performing a test setup from Azure AD.

    1. https://portal.shoretelsky.com - for US and Canada accounts, to use the Mitel Account portal as your default Mitel application

    2. https://portal.shoretel.eu - for UK accounts, to use the Mitel Account portal as your default Mitel application

    3. https://portal.shoretel.com.au - for Australia accounts, to use the Mitel Account portal as your default Mitel application

    4. https://teamwork.shoretel.com - to use Teamwork as your default Mitel application (Teamwork is supported in the US and Canada only)

  8. Click Save in the Basic SAML Configuration dialog box in the Azure portal.

  9. In the SAML Signing Certificate section on the SAML-based sign-on page in the Azure portal, click Download next to Certificate (Base64) to download the Signing Certificate and save it to your computer.

  10. Open the Signing Certificate file in a text editor, copy all data in the file, and then paste the data in the Signing Certificate field in the Mitel Account portal.

  11. In the Set up Mitel Connect section on the SAML-based sign-on page of the Azure portal, do the following:

    1. Copy the URL from the Login URL field and paste it into the Sign-in URL field in the Mitel Account portal.

    2. Copy the URL from the Azure AD Identifier field and paste it into the IDP Identifier (Entity ID) field in the Mitel Account portal.

    3. Click Save on the Connect Single Sign-On Settings dialog box in the Mitel Account portal.
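
As an added example (not part of the Mitel or Microsoft documentation), the following Python pre-flight check validates the values copied between the two portals in steps 5 to 11 before you click Save: the Sign on URL, the four copied URLs, and the pasted signing certificate. The dictionary keys, the example.com URLs and the placeholder certificate bytes are constructed for illustration, and it assumes you compare against the SHA-1 thumbprint shown for the signing certificate in the Azure portal.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Sign on URLs listed in step 7 of the procedure above.
SIGN_ON_URLS = {"https://portal.shoretelsky.com", "https://portal.shoretel.eu",
                "https://portal.shoretel.com.au", "https://teamwork.shoretel.com"}
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----")

def cert_thumbprint(pem_text):
    """SHA-1 thumbprint (uppercase hex) of the one PEM certificate in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:  # truncated paste, or several certificates pasted together
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not DER")
    return hashlib.sha1(der).hexdigest().upper()

def preflight(settings, portal_thumbprint):
    """Return a list of problems found in the values copied between the portals."""
    problems = []
    if settings["sign_on_url"].rstrip("/") not in SIGN_ON_URLS:
        problems.append("sign_on_url is not one of the four documented URLs")
    for key in ("mitel_entity_id", "reply_url", "login_url", "idp_entity_id"):
        parts = urlsplit(settings[key].strip())
        if parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append(f"{key} is not an absolute URL")
    if settings["mitel_entity_id"].strip() == settings["idp_entity_id"].strip():
        problems.append("Mitel and IDP entity IDs are identical (cross-paste?)")
    try:
        # Assumption: portal_thumbprint is the hex value read from the Azure portal.
        expected = re.sub(r"[^0-9A-Fa-f]", "", portal_thumbprint).upper()
        if cert_thumbprint(settings["signing_certificate"]) != expected:
            problems.append("certificate thumbprint differs from the Azure portal value")
    except ValueError as exc:
        problems.append(f"signing_certificate: {exc}")
    return problems

# Constructed sample: placeholder DER bytes and example.com URLs, not real tenant data.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE = {
    "sign_on_url": "https://portal.shoretelsky.com",
    "mitel_entity_id": "https://sp.example.com/entity", "reply_url": "https://sp.example.com/acs",
    "login_url": "https://idp.example.com/saml2", "idp_entity_id": "https://idp.example.com/",
    "signing_certificate": "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode() + "-----END CERTIFICATE-----\n",
}
```

An empty list from `preflight(SAMPLE, hashlib.sha1(SAMPLE_DER).hexdigest())` means every check passed; each string in a non-empty list names the field to re-copy.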

Create an Azure AD Test User

This section describes how to create a test user named Britta Simon in the Azure portal.

  1. In the Azure portal, in the left pane, click Azure Active Directory, click Users, and then click All users.

  2. Click New user at the top of the screen.

  3. In the User properties dialog, perform the following steps:

    1. In the Name field, type BrittaSimon.

    2. In the User name field, type brittasimon@<yourcompanydomain>.<extension>.

      For example: BrittaSimon@contoso.com

    3. Select the Show password check box, and then write down the value that is displayed in the Password box.

    4. Click Create.

Assign the Azure AD Test User

This section describes how to enable Britta Simon to use Azure single sign-on by granting access to Mitel Connect.

  1. In the Azure portal, click Enterprise Applications, and then click All applications.

  2. In the applications list, click Mitel Connect.

  3. In the menu on the left, click Users and groups.

  4. Click Add user, then click Users and groups in the Add Assignment dialog.

  5. In the Users and groups dialog, select Britta Simon in the Users list, then click Select at the bottom of the screen.

  6. If you are expecting any role value in the SAML assertion, select the appropriate role for the user from the list in the Select Role dialog, and then click Select at the bottom of the screen.

  7. In the Add Assignment dialog, click Assign.

Create a MiCloud Connect Test User

This section describes how to create a user named Britta Simon on your MiCloud Connect account. Users must be created and activated before using single sign-on.

For details about adding users in the Mitel Account portal, see Adding a User.

Create a user on your MiCloud Connect account with the following details:

Example: brittasimon@contoso.com; the user's username is typically the same as the user's business email address

NOTE: The user's MiCloud Connect username must be identical to the user's email address in Azure.

Test Single Sign-On

This section describes how to test your Azure AD single sign-on configuration using the Access Panel.

When you click the Mitel Connect tile in the Access Panel, you should be automatically redirected to sign in to the MiCloud Connect application you configured as your default in the Sign on URL field. For more information about the Access Panel, see Introduction to the Access Panel.