Microsoft Sign in usage: Difference between revisions

Overview

Microsoft Sign-In allows VoIPmonitor GUI users to authenticate using their Microsoft Entra ID (formerly Azure AD) accounts, providing Single Sign-On (SSO) capability.

User Mapping Order

When a user signs in with Microsoft, VoIPmonitor maps them to a GUI user profile in this order:

1. Direct email match - Username in VoIPmonitor matches Microsoft email
2. Secure users list - Microsoft email is listed in user's "Microsoft Sign In emails" field
3. Default user - Falls back to the user marked as "Default Microsoft Sign In account"

Quick Reference

Part 1: Microsoft Entra Configuration

Register the Application

1. Go to entra.microsoft.com > App registrations > + New registration
2. Configure:
   • Name: e.g., "VoIPmonitor SSO"
   • Supported account types: "Accounts in this organizational directory only"
   • Redirect URI - Platform: Single page application
   • Redirect URI - URL: Your VoIPmonitor GUI URL
3. Click Register
4. Note the Application (client) ID and Directory (tenant) ID from the Overview page

Assign Users

In Microsoft Entra, go to Users and add users who should have access to VoIPmonitor via Microsoft Sign-In.

Part 2: VoIPmonitor GUI Configuration

Enable Microsoft Sign-In

1. Go to Settings > System configuration > Advanced
2. Enable Enable Microsoft Sign in
3. Enter:
   • Microsoft client ID - from Entra
   • Microsoft tenant ID - from Entra
   • Redirect URI - leave empty (auto-detected)

Map Users

For each user who will use Microsoft Sign-In:

1. Go to Users & Audit > Users > edit user
2. Secure users tab > fill Microsoft Sign In emails with their Microsoft email

Default User (Optional)

To set a fallback user for unmapped Microsoft accounts:

1. Edit the desired user > Basic data tab
2. Check Default Microsoft Sign In account

Troubleshooting

SSO Fails Behind Reverse Proxy

Symptom: Redirect loops or "too many redirects" errors when using AWS ALB, Nginx, or other reverse proxies with SSL termination.

Cause: The proxy terminates HTTPS but forwards HTTP to the backend, breaking the OAuth callback flow.

Solution: Pass the original protocol via X-Forwarded-Proto header:

# Nginx configuration
proxy_set_header X-Forwarded-Proto $scheme;

For AWS ALB, this header is automatic but ensure intermediate proxies pass it through. See Nginx for complete configuration.

See Also

• Google_Sign_in_usage - Google OAuth integration
• User_Management - User account management
• Custom Login - LDAP/custom authentication scripts

AI Summary for RAG

Summary: Microsoft Sign-In (SSO) integration for VoIPmonitor GUI using Microsoft Entra ID (formerly Azure AD). Currently in development branch only. Setup requires: (1) Register application in Microsoft Entra as Single Page Application, get Client ID and Tenant ID. (2) Configure GUI in Settings > System configuration > Advanced with IDs. (3) Map users via Secure users tab or set default fallback user. User mapping order: direct email match, Secure users list, default user. Redirect URI must be exact GUI URL without trailing slash or page names. For reverse proxy setups (AWS ALB, Nginx), configure X-Forwarded-Proto header to prevent redirect loops.

Keywords: Microsoft Sign-In, SSO, Single Sign-On, Microsoft Entra, Azure AD, Azure Active Directory, authentication, OIDC, OAuth, GUI login, enterprise authentication, tenant ID, client ID, redirect URI, user mapping, X-Forwarded-Proto, reverse proxy, AWS ALB

Key Questions:

• How do I enable Microsoft Sign-In in VoIPmonitor?
• How do I configure SSO with Microsoft Entra for VoIPmonitor?
• What is the correct Redirect URI format for Microsoft Sign-In?
• Where do I find the Microsoft client ID and tenant ID?
• How do I map VoIPmonitor users to Microsoft accounts?
• Is Microsoft Sign-In available in the stable GUI version?
• How do I set up a default user for Microsoft Sign-In?
• Why does Microsoft Sign-In fail behind a reverse proxy?
• What is the user mapping order for Microsoft Sign-In?