Microsoft Sign in usage: Difference between revisions
(Add See Also section linking to Authentication overview page) |
(Review: formátování - Warning box, Note šablony, konzistentní číslování kroků, oprava diagramu, odebrány neexistující odkazy) |
||
| Line 3: | Line 3: | ||
[[Category:Authentication]] | [[Category:Authentication]] | ||
'''Microsoft Sign-In | {{Warning|1='''Microsoft Sign-In is NOT yet available in the stable VoIPmonitor GUI.''' This feature is scheduled for an upcoming stable release. If you do not see "Enable Microsoft Sign in" in '''Settings > System configuration > Advanced''', your version does not support this feature. Contact VoIPmonitor support to request a development branch package if needed immediately.}} | ||
If you do not see | |||
== Overview == | == Overview == | ||
| Line 21: | Line 13: | ||
<kroki lang="mermaid"> | <kroki lang="mermaid"> | ||
%%{init: {'flowchart': {'nodeSpacing': 15, 'rankSpacing': 40}}}%% | |||
flowchart LR | flowchart LR | ||
subgraph Entra["Microsoft Entra"] | subgraph Entra["Microsoft Entra"] | ||
| Line 38: | Line 31: | ||
This guide walks you through registering a new application in Microsoft Entra ID and configuring it for VoIPmonitor GUI integration. | This guide walks you through registering a new application in Microsoft Entra ID and configuring it for VoIPmonitor GUI integration. | ||
=== 1 | === Step 1: Sign in to Microsoft Entra admin center === | ||
Open a web browser and navigate to [https://entra.microsoft.com | Open a web browser and navigate to [https://entra.microsoft.com entra.microsoft.com]. | ||
Sign in using an account with administrative privileges. | Sign in using an account with administrative privileges. | ||
=== 2 | === Step 2: Navigate to App registrations === | ||
In the left-hand menu, go to '''App registrations'''. | In the left-hand menu, go to '''App registrations'''. | ||
=== 3 | === Step 3: Create new registration === | ||
At the top of the page, click the '''+ New registration''' button. | At the top of the page, click the '''+ New registration''' button. | ||
=== 4 | === Step 4: Configure Application Settings === | ||
; Name | ; Name | ||
| Line 66: | Line 59: | ||
: Enter the URL where your VoIPmonitor GUI is installed. | : Enter the URL where your VoIPmonitor GUI is installed. | ||
''' | {{Note|1='''Redirect URI rules:''' | ||
* Do '''not''' include ''admin.php'' or ''index.php'' at the end | * Do '''not''' include ''admin.php'' or ''index.php'' at the end | ||
* Do '''not''' include a trailing slash (/) at the end | * Do '''not''' include a trailing slash (/) at the end}} | ||
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
| Line 82: | Line 75: | ||
Click the '''Register''' button to complete registration. | Click the '''Register''' button to complete registration. | ||
=== 5 | === Step 5: Note the Application IDs === | ||
After registration, you will be taken to the application's Overview page. Note the following values (you will need them for GUI configuration): | After registration, you will be taken to the application's Overview page. Note the following values (you will need them for GUI configuration): | ||
| Line 92: | Line 85: | ||
After registering the application, you must assign the users who will be allowed to sign in. | After registering the application, you must assign the users who will be allowed to sign in. | ||
=== 1 | === Step 1: Navigate to Users === | ||
In the Microsoft Entra left-hand menu, go to '''Users'''. | In the Microsoft Entra left-hand menu, go to '''Users'''. | ||
=== 2 | === Step 2: Add Users === | ||
Click '''+ Add user''' and follow the wizard to add users who should have access to VoIPmonitor through Microsoft Sign-In. | Click '''+ Add user''' and follow the wizard to add users who should have access to VoIPmonitor through Microsoft Sign-In. | ||
| Line 102: | Line 95: | ||
== Part 3: VoIPmonitor GUI Configuration == | == Part 3: VoIPmonitor GUI Configuration == | ||
{{Note|This section requires a GUI version that supports Microsoft Sign-In (development branch or future stable release).}} | |||
=== 1 | === Step 1: Enable Microsoft Sign-In === | ||
# Navigate to '''Settings > System configuration''' | # Navigate to '''Settings > System configuration''' | ||
| Line 114: | Line 107: | ||
#* '''Redirect URI for Microsoft Sign in''': Leave empty (auto-detected). Only fill if automatic detection fails. | #* '''Redirect URI for Microsoft Sign in''': Leave empty (auto-detected). Only fill if automatic detection fails. | ||
=== 2 | === Step 2: Configure User Mappings === | ||
Navigate to '''Users & Audit > Users'''. | Navigate to '''Users & Audit > Users'''. | ||
| Line 121: | Line 114: | ||
# Edit their user profile | # Edit their user profile | ||
# Go to the ''' | # Go to the '''Secure users''' tab | ||
# Fill in the '''Microsoft Sign In emails''' field with their Microsoft account email | # Fill in the '''Microsoft Sign In emails''' field with their Microsoft account email | ||
=== 3 | === Step 3: Configure Default User (Optional) === | ||
If you want to define a default user for Microsoft Sign-In (for users who are not explicitly mapped): | If you want to define a default user for Microsoft Sign-In (for users who are not explicitly mapped): | ||
# Edit the desired default user's profile | # Edit the desired default user's profile | ||
# Go to the ''' | # Go to the '''Basic data''' tab | ||
# Check the '''Default Microsoft Sign In account''' option | # Check the '''Default Microsoft Sign In account''' option | ||
== AI Summary for RAG == | == AI Summary for RAG == | ||
'''Summary:''' This guide documents the Microsoft Sign-In (SSO) integration for VoIPmonitor GUI, which is currently in development and not yet available in stable releases. The setup requires three main steps: (1) Register an application in Microsoft Entra (formerly Azure AD) by creating a new app registration with Single Page Application platform type, noting the Client ID and Tenant ID, and ensuring the Redirect URI matches the VoIPmonitor GUI URL exactly without trailing slashes or page names. (2) Assign users in Microsoft Entra who should have access. (3) Configure VoIPmonitor GUI by enabling Microsoft Sign-In in Settings > System configuration > Advanced, entering the Client ID and Tenant ID, and mapping VoIPmonitor users to their Microsoft email addresses in the | '''Summary:''' This guide documents the Microsoft Sign-In (SSO) integration for VoIPmonitor GUI, which is currently in development and not yet available in stable releases. The setup requires three main steps: (1) Register an application in Microsoft Entra (formerly Azure AD) by creating a new app registration with Single Page Application platform type, noting the Client ID and Tenant ID, and ensuring the Redirect URI matches the VoIPmonitor GUI URL exactly without trailing slashes or page names. (2) Assign users in Microsoft Entra who should have access. (3) Configure VoIPmonitor GUI by enabling Microsoft Sign-In in Settings > System configuration > Advanced, entering the Client ID and Tenant ID, and mapping VoIPmonitor users to their Microsoft email addresses in the Secure users tab. A default Microsoft Sign-In account can be configured for unmapped users. | ||
'''Keywords:''' Microsoft Sign-In, SSO, Single Sign-On, Microsoft Entra, Azure AD, Azure Active Directory, authentication, OIDC, OAuth, GUI login, enterprise authentication, Microsoft integration, tenant ID, client ID, redirect URI, user mapping | '''Keywords:''' Microsoft Sign-In, SSO, Single Sign-On, Microsoft Entra, Azure AD, Azure Active Directory, authentication, OIDC, OAuth, GUI login, enterprise authentication, Microsoft integration, tenant ID, client ID, redirect URI, user mapping | ||
| Line 150: | Line 143: | ||
== See Also == | == See Also == | ||
* [[ | * [[WEB_API#Custom_Login_.28LDAP.29_-_scripts.2Fcustom_login.php|Custom Login (LDAP)]] - Custom login scripts for LDAP integration | ||
Revision as of 18:00, 6 January 2026
⚠️ Warning: Microsoft Sign-In is NOT yet available in the stable VoIPmonitor GUI. This feature is scheduled for an upcoming stable release. If you do not see "Enable Microsoft Sign in" in Settings > System configuration > Advanced, your version does not support this feature. Contact VoIPmonitor support to request a development branch package if needed immediately.
Overview
The Microsoft Sign-In integration allows VoIPmonitor GUI users to authenticate using their Microsoft Entra ID (formerly Azure Active Directory) accounts. This provides:
- Single Sign-On (SSO) capability
- Centralized user management through Microsoft Entra
- Enhanced security with Microsoft's authentication infrastructure
Part 1: Register Application in Microsoft Entra
This guide walks you through registering a new application in Microsoft Entra ID and configuring it for VoIPmonitor GUI integration.
Step 1: Sign in to Microsoft Entra admin center
Open a web browser and navigate to entra.microsoft.com.
Sign in using an account with administrative privileges.
In the left-hand menu, go to App registrations.
Step 3: Create new registration
At the top of the page, click the + New registration button.
Step 4: Configure Application Settings
- Name
- Enter a meaningful name for your application (e.g., "VoIPmonitor SSO").
- Supported account types
- Choose who can use the application. For internal use, select Accounts in this organizational directory only.
- Redirect URI - Platform
- Choose Single page application.
- Redirect URI - URL
- Enter the URL where your VoIPmonitor GUI is installed.
ℹ️ Note: Redirect URI rules:
- Do not include admin.php or index.php at the end
- Do not include a trailing slash (/) at the end
# Correct format:
https://voipmonitor.yourdomain.com
# Incorrect formats:
https://voipmonitor.yourdomain.com/
https://voipmonitor.yourdomain.com/admin.php
https://voipmonitor.yourdomain.com/index.php
Click the Register button to complete registration.
Step 5: Note the Application IDs
After registration, you will be taken to the application's Overview page. Note the following values (you will need them for GUI configuration):
- Application (client) ID - Used as "Microsoft client ID" in VoIPmonitor
- Directory (tenant) ID - Used as "Microsoft tenant ID" in VoIPmonitor
Part 2: Assign Users to the Application
After registering the application, you must assign the users who will be allowed to sign in.
In the Microsoft Entra left-hand menu, go to Users.
Step 2: Add Users
Click + Add user and follow the wizard to add users who should have access to VoIPmonitor through Microsoft Sign-In.
Part 3: VoIPmonitor GUI Configuration
ℹ️ Note: This section requires a GUI version that supports Microsoft Sign-In (development branch or future stable release).
Step 1: Enable Microsoft Sign-In
- Navigate to Settings > System configuration
- Scroll down to the Advanced section
- Enable the option Enable Microsoft Sign in
- Fill in the configuration fields:
- Microsoft client ID: Enter the Application (client) ID from Microsoft Entra
- Microsoft tenant ID: Enter the Directory (tenant) ID from Microsoft Entra
- Redirect URI for Microsoft Sign in: Leave empty (auto-detected). Only fill if automatic detection fails.
Step 2: Configure User Mappings
Navigate to Users & Audit > Users.
For each user who should use Microsoft Sign-In:
- Edit their user profile
- Go to the Secure users tab
- Fill in the Microsoft Sign In emails field with their Microsoft account email
Step 3: Configure Default User (Optional)
If you want to define a default user for Microsoft Sign-In (for users who are not explicitly mapped):
- Edit the desired default user's profile
- Go to the Basic data tab
- Check the Default Microsoft Sign In account option
AI Summary for RAG
Summary: This guide documents the Microsoft Sign-In (SSO) integration for VoIPmonitor GUI, which is currently in development and not yet available in stable releases. The setup requires three main steps: (1) Register an application in Microsoft Entra (formerly Azure AD) by creating a new app registration with Single Page Application platform type, noting the Client ID and Tenant ID, and ensuring the Redirect URI matches the VoIPmonitor GUI URL exactly without trailing slashes or page names. (2) Assign users in Microsoft Entra who should have access. (3) Configure VoIPmonitor GUI by enabling Microsoft Sign-In in Settings > System configuration > Advanced, entering the Client ID and Tenant ID, and mapping VoIPmonitor users to their Microsoft email addresses in the Secure users tab. A default Microsoft Sign-In account can be configured for unmapped users.
Keywords: Microsoft Sign-In, SSO, Single Sign-On, Microsoft Entra, Azure AD, Azure Active Directory, authentication, OIDC, OAuth, GUI login, enterprise authentication, Microsoft integration, tenant ID, client ID, redirect URI, user mapping
Key Questions:
- How do I enable Microsoft Sign-In in VoIPmonitor?
- How do I configure SSO with Microsoft Entra for VoIPmonitor?
- What is the correct Redirect URI format for Microsoft Sign-In?
- Where do I find the Microsoft client ID and tenant ID?
- How do I map VoIPmonitor users to Microsoft accounts?
- Is Microsoft Sign-In available in the stable GUI version?
- How do I set up a default user for Microsoft Sign-In?
- Why can't I see the Microsoft Sign-In option in my GUI?
See Also
- Custom Login (LDAP) - Custom login scripts for LDAP integration