Edit

Tutorial: Microsoft Entra integration with Mitel MiCloud Connect or CloudLink Platform

  • Article

In this tutorial, you will learn how to use the Mitel Connect app to integrate Microsoft Entra ID with Mitel MiCloud Connect or CloudLink Platform. The Mitel Connect app is available in the Azure Gallery. Integrating Microsoft Entra ID with MiCloud Connect or CloudLink Platform provides you with the following benefits:

  • You can control users' access to MiCloud Connect apps and to CloudLink apps in Microsoft Entra ID by using their enterprise credentials.
  • You can enable users on your account to be automatically signed in to MiCloud Connect or CloudLink (single sign-on) by using their Microsoft Entra accounts.

Prerequisites

To configure Microsoft Entra integration with MiCloud Connect, you need the following items:

  • A Microsoft Entra subscription. If you don't have a Microsoft Entra environment, you can get a free account.
  • A Mitel MiCloud Connect account or Mitel CloudLink account, depending on the application you want to configure.

Scenario description

In this tutorial, you'll configure and test Microsoft Entra single sign-on (SSO).

  • Mitel Connect supports SP initiated SSO.

To configure the integration of Mitel Connect into Microsoft Entra ID, you need to add Mitel Connect from the gallery to your list of managed SaaS apps.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications > New application.
  3. In the Add from the gallery section, type Mitel Connect in the search box.
  4. Select Mitel Connect from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Alternatively, you can also use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. Learn more about Microsoft 365 wizards.

Configure and test Microsoft Entra SSO

In this section, you'll configure and test Microsoft Entra SSO with MiCloud Connect or CloudLink Platform based on a test user named Britta Simon. For single sign-on to work, a link must be established between the user in Azure portal and the corresponding user on the Mitel platform. Refer to the following sections for information about configuring and testing Microsoft Entra SSO with MiCloud Connect or CloudLink Platform.

  • Configure and test Microsoft Entra SSO with MiCloud Connect
  • Configure and test Microsoft Entra SSO with CloudLink Platform

Configure and test Microsoft Entra SSO with MiCloud Connect

To configure and test Microsoft Entra single sign-on with MiCloud Connect:

  1. Configure MiCloud Connect for SSO with Microsoft Entra ID - to enable your users to use this feature and to configure the SSO settings on the application side.
  2. Create a Microsoft Entra test user - to test Microsoft Entra single sign-on with Britta Simon.
  3. Assign the Microsoft Entra test user - to enable Britta Simon to use Microsoft Entra single sign-on.
  4. Create a Mitel MiCloud Connect test user - to have a counterpart of Britta Simon on your MiCloud Connect account that is linked to the Microsoft Entra representation of the user.
  5. Test SSO - to verify whether the configuration works.

Configure MiCloud Connect for SSO with Microsoft Entra ID

In this section, you'll enable Microsoft Entra single sign-on for MiCloud Connect in the Azure portal and configure your MiCloud Connect account to allow SSO using Microsoft Entra ID.

To configure MiCloud Connect with SSO for Microsoft Entra ID, it is easiest to open the Azure portal and the Mitel Account portal side by side. You'll need to copy some information to the Mitel Account portal and some from the Mitel Account portal to the Azure portal.

  1. To open the configuration page in the Azure portal:

    1. On the Mitel Connect application integration page, select Single sign-on.

    2. In the Select a Single sign-on method dialog box, select SAML. The SAML-based sign-on page is displayed.

  2. To open the configuration dialog box in the Mitel Account portal:

    1. On the Phone System menu, select Add-On Features.

    2. To the right of Single Sign-On, select Activate or Settings.

    The Connect Single Sign-On Settings dialog box appears.

  3. Select the Enable Single Sign-On check box.

    Screenshot that shows the Mitel Connect Single Sign-On Settings page, with the Enable Single Sign-On check box selected.

  4. In the Azure portal, select the Edit icon in the Basic SAML Configuration section.

    Screenshot shows the Set up Single Sign-On with SAML page with the edit icon selected.

    The Basic SAML Configuration dialog box appears.

  5. Copy the URL from the Mitel Identifier (Entity ID) field in the Mitel Account portal and paste it into the Identifier (Entity ID) field.

  6. Copy the URL from the Reply URL (Assertion Consumer Service URL) field in the Mitel Account portal and paste it into the Reply URL (Assertion Consumer Service URL) field.

    Screenshot shows Basic SAML Configuration in the Azure portal and the Set Up Identity Provider section in the Mitel Account portal with lines indicating the relationship between them.

  7. In the Sign-on URL text box, type one of the following URLs:

    1. https://portal.shoretelsky.com - to use the Mitel Account portal as your default Mitel application
    2. https://teamwork.shoretel.com - to use Teamwork as your default Mitel application

    Note

    The default Mitel application is the application that is accessed when a user selects the Mitel Connect tile in the Access Panel. This is also the application accessed when doing a test setup from Microsoft Entra ID.

  8. Select Save in the Basic SAML Configuration dialog box.

  9. In the SAML Signing Certificate section on the SAML-based sign-on page in the Azure portal, select Download next to Certificate (Base64) to download the Signing Certificate and save it to your computer.

    Screenshot shows the SAML Signing Certificate pane where you can download a certificate.

  10. Open the Signing Certificate file in a text editor, copy all data in the file, and then paste the data in the Signing Certificate field in the Mitel Account portal.

    Screenshot shows the Signing Certificate field.

  11. In the Setup Mitel Connect section on the SAML-based sign-on page of the Azure portal:

    1. Copy the URL from the Login URL field and paste it into the Sign-in URL field in the Mitel Account portal.

    2. Copy the URL from the Microsoft Entra Identifier field and paste it into the Entity ID field in the Mitel Account portal.

      Screenshot shows the relationship between the SAML-based sign-on page of the Azure portal and the Mitel Account portal.

  12. Select Save on the Connect Single Sign-On Settings dialog box in the Mitel Account portal.

Create a Microsoft Entra test user

In this section, you'll create a test user called B.Simon.

  1. Sign in to the Microsoft Entra admin center as at least a User Administrator.
  2. Browse to Identity > Users > All users.
  3. Select New user > Create new user, at the top of the screen.
  4. In the User properties, follow these steps:
    1. In the Display name field, enter B.Simon.
    2. In the User principal name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Select Review + create.
  5. Select Create.

Assign the Microsoft Entra test user

In this section, you'll enable B.Simon to use single sign-on by granting access to Mitel Connect.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications > Mitel Connect.
  3. In the app's overview page, select Users and groups.
  4. Select Add user/group, then select Users and groups in the Add Assignment dialog.
    1. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the screen.
    2. If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, you see "Default Access" role selected.
    3. In the Add Assignment dialog, click the Assign button.

Create a Mitel MiCloud Connect test user

In this section, you create a user named Britta Simon on your MiCloud Connect account. Users must be created and activated before using single sign-on.

For details about adding users in the Mitel Account portal, see the Adding a User article in the Mitel Knowledge Base.

Create a user on your MiCloud Connect account with the following details:

  • Name: Britta Simon
  • Business Email Address: brittasimon@<yourcompanydomain>.<extension>
    (Example: brittasimon@contoso.com)
  • Username: brittasimon@<yourcompanydomain>.<extension>
    (Example: brittasimon@contoso.com; the user’s username is typically the same as the user’s business email address)

Note

The user’s MiCloud Connect username must be identical to the user’s email address in Azure.

Test SSO

In this section, you test your Microsoft Entra single sign-on configuration with following options.

  • Click on Test this application, this will redirect to Mitel Connect Sign-on URL where you can initiate the login flow.

  • Go to Mitel Connect Sign-on URL directly and initiate the login flow from there.

  • You can use Microsoft My Apps. When you click the Mitel Connect tile in the My Apps, this will redirect to MiCloud Connect Sign-on URL. For more information about the My Apps, see Introduction to the My Apps.

This section describes how to enable Microsoft Entra SSO for CloudLink platform in the Azure portal and how to configure your CloudLink platform account to allow single sign-on using Microsoft Entra ID.

To configure CloudLink platform with single sign-on for Microsoft Entra ID, it is recommended that you open the Azure portal and the CloudLink Accounts portal side by side as you will need to copy some information to the CloudLink Accounts portal and vice versa.

  1. To open the configuration page in the Azure portal:

    1. On the Mitel Connect application integration page, select Single sign-on.

    2. In the Select a Single sign-on method dialog box, select SAML. The SAML-based Sign-on page opens, displaying the Basic SAML Configuration section.

      Screenshot shows the SAML-based Sign-on page with Basic SAML Configuration.

  2. To access the Microsoft Entra Single Sign On configuration panel in the CloudLink Accounts portal:

    1. Go to the Account Information page of the customer account with which you want to enable the integration.

    2. In the Integrations section, select + Add new. A pop-up screen displays the Integrations panel.

    3. Select the 3rd party tab. A list of supported third-party applications is displayed. Select the Add button associated with Microsoft Entra Single Sign On, and select Done.

      Screenshot shows the Integrations page where you can add Microsoft Entra Single Sign-On.

      The Microsoft Entra Single Sign On is enabled for the customer account and is added to the Integrations section of the Account Information page.

    4. Select Complete Setup.

      Screenshot shows the Complete Setup option for Microsoft Entra Single Sign-On.

      The Microsoft Entra Single Sign On configuration panel opens.

      Screenshot shows Microsoft Entra Single Sign-On configuration.

      Mitel recommends that the Enable Mitel Credentials (Optional) check box in the Optional Mitel credentials section is not selected. Select this check box only if you want the user to sign in to the CloudLink application using the Mitel credentials in addition to the single sign-on option.

  3. In the Azure portal, from the SAML-based Sign-on page, select the Edit icon in the Basic SAML Configuration section. The Basic SAML Configuration panel opens.

    Screenshot shows the Basic SAML Configuration pane with the Edit icon selected.

  4. Copy the URL from the Mitel Identifier (Entity ID) field in the CloudLink Accounts portal and paste it into the Identifier (Entity ID) field.

  5. Copy the URL from the Reply URL (Assertion Consumer Service URL) field in the CloudLink Accounts portal and paste it into the Reply URL (Assertion Consumer Service URL) field.

    Screenshot shows the relation between pages in the CloudLink Accounts portal and the Azure portal.

  6. In the Sign-on URL text box, type the URL https://accounts.mitel.io to use the CloudLink Accounts portal as your default Mitel application.

    Screenshot shows the Sign on U R L text box.

    Note

    The default Mitel application is the application that opens when a user selects the Mitel Connect tile in the Access Panel. This is also the application accessed when the user configures a test setup from Microsoft Entra ID.

  7. Select Save in the Basic SAML Configuration dialog box.

  8. In the SAML Signing Certificate section on the SAML-based sign-on page in the Azure portal, select Download beside Certificate (Base64) to download the Signing Certificate. Save the certificate on your computer.

    Screenshot shows the SAML Signing Certificate section where you can download a Base64 certificate.

  9. Open the Signing Certificate file in a text editor, copy all data in the file, and then paste the data into the Signing Certificate field in the CloudLink Accounts portal.

    Note

    If you have more than one certificate, we recommend that you paste them one after the other.

    Screenshot shows Step two of the procedure where you fill in values from your Microsoft Entra integration.

  10. In the Set up Mitel Connect section on the SAML-based sign-on page of the Azure portal:

    1. Copy the URL from the Login URL field and paste it into the Sign-in URL field in the CloudLink Accounts portal.

    2. Copy the URL from the Microsoft Entra Identifier field and paste it into the IDP Identifier (Entity ID) field in the CloudLink Accounts portal.

      Screenshot shows the source for the values described here in Mintel Connect.

  11. Select Save on the Microsoft Entra Single Sign On panel in the CloudLink Accounts portal.

Create a Microsoft Entra test user

In this section, you'll create a test user called B.Simon.

  1. Sign in to the Microsoft Entra admin center as at least a User Administrator.
  2. Browse to Identity > Users > All users.
  3. Select New user > Create new user, at the top of the screen.
  4. In the User properties, follow these steps:
    1. In the Display name field, enter B.Simon.
    2. In the User principal name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Select Review + create.
  5. Select Create.

Assign the Microsoft Entra test user

In this section, you'll enable B.Simon to use single sign-on by granting access to Mitel Connect.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications > Mitel Connect.
  3. In the app's overview page, select Users and groups.
  4. Select Add user/group, then select Users and groups in the Add Assignment dialog.
    1. In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the screen.
    2. If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, you see "Default Access" role selected.
    3. In the Add Assignment dialog, click the Assign button.

This section describes how to create a test user named Britta Simon on your CloudLink platform. Users must be created and activated before they can use single sign-on.

For details about adding users in the CloudLink Accounts portal, see Managing Users in the CloudLink Accounts documentation.

Create a user on your CloudLink Accounts portal with the following details:

  • Name: Britta Simon
  • First Name: Britta
  • Last Name: Simon
  • Email: BrittaSimon@contoso.com

Note

The user's CloudLink email address must be identical to the User Principal Name.

Test SSO

In this section, you test your Microsoft Entra single sign-on configuration with following options.

  • Click on Test this application, this will redirect to CloudLink Sign-on URL where you can initiate the login flow.

  • Go to CloudLink Sign-on URL directly and initiate the login flow from there.

  • You can use Microsoft My Apps. When you click the Mitel Connect tile in the My Apps, this will redirect to CloudLink Sign-on URL. For more information about the My Apps, see Introduction to the My Apps.

Next steps

Once you configure Mitel Connect you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Defender for Cloud Apps.