Microsoft Sign in usage: Difference between revisions

From VoIPmonitor.org
(Add troubleshooting section for SSO behind reverse proxy/SSL termination)
(Review: fixed <pre> to <syntaxhighlight lang=nginx>, updated See Also links)
Line 131: Line 131:
:* '''Cause:''' The reverse proxy terminates HTTPS and forwards requests to the backend GUI over HTTP. Without the correct headers, the GUI believes it is running on an insecure protocol and generates HTTP URLs or redirects, breaking the OAuth callback flow.
:* '''Cause:''' The reverse proxy terminates HTTPS and forwards requests to the backend GUI over HTTP. Without the correct headers, the GUI believes it is running on an insecure protocol and generates HTTP URLs or redirects, breaking the OAuth callback flow.
:* '''Solution:''' Configure your reverse proxy to pass the original protocol via the <code>X-Forwarded-Proto</code> header. For Nginx, add this to your proxy configuration:
:* '''Solution:''' Configure your reverse proxy to pass the original protocol via the <code>X-Forwarded-Proto</code> header. For Nginx, add this to your proxy configuration:
<pre>
<syntaxhighlight lang="nginx">
proxy_set_header  X-Forwarded-Proto $scheme;
proxy_set_header  X-Forwarded-Proto $scheme;
</pre>
</syntaxhighlight>
For AWS ALB, this header is automatically included, but ensure any intermediate proxies pass it through. Also check for any Apache <code>RewriteRule</code> directives that redirect HTTP to HTTPS and modify them to exclude internal proxy traffic. See [[Nginx]] for complete configuration details.
For AWS ALB, this header is automatically included, but ensure any intermediate proxies pass it through. Also check for any Apache <code>RewriteRule</code> directives that redirect HTTP to HTTPS and modify them to exclude internal proxy traffic. See [[Nginx]] for complete configuration details.
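Review bot: In the Solution bullet, "proxy_set_header X-Forwarded-Proto $scheme;" reports the scheme of the connection arriving at this Nginx, which conflicts with the following sentence asking intermediate proxies to pass the header through. An Nginx placed behind an ALB and reached over plain HTTP would overwrite the ALB's "https" with "http" and reproduce the redirect loop this section describes. Suggest stating that the $scheme form belongs on the proxy that terminates TLS, and that an intermediate Nginx should forward the incoming value ($http_x_forwarded_proto) instead. The switch from <pre> to <syntaxhighlight lang="nginx"> itself needs no change.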


Line 154: Line 154:
== See Also ==
== See Also ==


* [[WEB_API#Custom_Login_.28LDAP.29_-_scripts.2Fcustom_login.php|Custom Login (LDAP)]] - Custom login scripts for LDAP integration
* [[Google_Sign_in_usage]] - Google OAuth integration
* [[2FA]] - Two-factor authentication
* [[WEB_API#Custom_Login|Custom Login (LDAP)]] - Custom login scripts for LDAP integration
* [[User_Management]] - User account management
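Review bot: The See Also list shows two targets for the same "Custom Login (LDAP)" label, WEB_API#Custom_Login_.28LDAP.29_-_scripts.2Fcustom_login.php and WEB_API#Custom_Login. A MediaWiki section anchor has to match the encoded heading text, so please confirm that the target being kept resolves to an existing section on WEB_API instead of landing at the top of that page. It is also worth checking that Google_Sign_in_usage, 2FA and User_Management exist as pages, since none of them is referenced elsewhere in the visible text.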

Revision as of 21:28, 6 January 2026


⚠️ Warning: Microsoft Sign-In is NOT yet available in the stable VoIPmonitor GUI. This feature is scheduled for an upcoming stable release. If you do not see "Enable Microsoft Sign in" in Settings > System configuration > Advanced, your version does not support this feature. Contact VoIPmonitor support to request a development branch package if needed immediately.

Overview

The Microsoft Sign-In integration allows VoIPmonitor GUI users to authenticate using their Microsoft Entra ID (formerly Azure Active Directory) accounts. This provides:

  • Single Sign-On (SSO) capability
  • Centralized user management through Microsoft Entra
  • Enhanced security with Microsoft's authentication infrastructure

Part 1: Register Application in Microsoft Entra

This guide walks you through registering a new application in Microsoft Entra ID and configuring it for VoIPmonitor GUI integration.

Step 1: Sign in to Microsoft Entra admin center

Open a web browser and navigate to entra.microsoft.com.

Sign in using an account with administrative privileges.

Step 2: Navigate to App registrations

In the left-hand menu, go to App registrations.

Step 3: Create new registration

At the top of the page, click the + New registration button.

Step 4: Configure Application Settings

  • Name: Enter a meaningful name for your application (e.g., "VoIPmonitor SSO").
  • Supported account types: Choose who can use the application. For internal use, select Accounts in this organizational directory only.
  • Redirect URI - Platform: Choose Single page application.
  • Redirect URI - URL: Enter the URL where your VoIPmonitor GUI is installed.

ℹ️ Note: Redirect URI rules:

  • Do not include admin.php or index.php at the end
  • Do not include a trailing slash (/) at the end

# Correct format:
https://voipmonitor.yourdomain.com

# Incorrect formats:
https://voipmonitor.yourdomain.com/
https://voipmonitor.yourdomain.com/admin.php
https://voipmonitor.yourdomain.com/index.php

Click the Register button to complete registration.

Step 5: Note the Application IDs

After registration, you will be taken to the application's Overview page. Note the following values (you will need them for GUI configuration):

  • Application (client) ID - Used as "Microsoft client ID" in VoIPmonitor
  • Directory (tenant) ID - Used as "Microsoft tenant ID" in VoIPmonitor

Part 2: Assign Users to the Application

After registering the application, you must assign the users who will be allowed to sign in.

Step 1: Navigate to Users

In the Microsoft Entra left-hand menu, go to Users.

Step 2: Add Users

Click + Add user and follow the wizard to add users who should have access to VoIPmonitor through Microsoft Sign-In.

Part 3: VoIPmonitor GUI Configuration

ℹ️ Note: This section requires a GUI version that supports Microsoft Sign-In (development branch or future stable release).

Step 1: Enable Microsoft Sign-In

  1. Navigate to Settings > System configuration
  2. Scroll down to the Advanced section
  3. Enable the option Enable Microsoft Sign in
  4. Fill in the configuration fields:
    • Microsoft client ID: Enter the Application (client) ID from Microsoft Entra
    • Microsoft tenant ID: Enter the Directory (tenant) ID from Microsoft Entra
    • Redirect URI for Microsoft Sign in: Leave empty (auto-detected). Only fill if automatic detection fails.

Step 2: Configure User Mappings

Navigate to Users & Audit > Users.

For each user who should use Microsoft Sign-In:

  1. Edit their user profile
  2. Go to the Secure users tab
  3. Fill in the Microsoft Sign In emails field with their Microsoft account email

Step 3: Configure Default User (Optional)

If you want to define a default user for Microsoft Sign-In (for users who are not explicitly mapped):

  1. Edit the desired default user's profile
  2. Go to the Basic data tab
  3. Check the Default Microsoft Sign In account option

Troubleshooting

SSO Fails Behind Reverse Proxy (AWS ALB, Nginx, etc.)

  • Problem: Microsoft Sign-In fails or causes redirect loops when the VoIPmonitor GUI is accessed through a reverse proxy (e.g., AWS Application Load Balancer) that handles SSL termination. Users may see errors like "too many redirects" or lose their session after authentication.
  • Cause: The reverse proxy terminates HTTPS and forwards requests to the backend GUI over HTTP. Without the correct headers, the GUI believes it is running on an insecure protocol and generates HTTP URLs or redirects, breaking the OAuth callback flow.
  • Solution: Configure your reverse proxy to pass the original protocol via the X-Forwarded-Proto header. For Nginx, add this to your proxy configuration:

proxy_set_header   X-Forwarded-Proto $scheme;

For AWS ALB, this header is automatically included, but ensure any intermediate proxies pass it through. Also check for any Apache RewriteRule directives that redirect HTTP to HTTPS and modify them to exclude internal proxy traffic. See Nginx for complete configuration details.
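
The failure described above can be reproduced offline with a small model of the URL a backend would derive behind a TLS-terminating proxy. This is an added example, not VoIPmonitor's own code: how the GUI auto-detects its URL is not shown on this page, and the trusted proxy subnet, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values: the proxy subnet is an assumption; the URI is the page's sample.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
REGISTERED_URI = "https://voipmonitor.yourdomain.com"


def effective_scheme(remote_addr, headers, backend_scheme="http"):
    """Scheme the backend should assume for the original client request."""
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # X-Forwarded-Proto sent by an unknown peer is client-controlled: ignore it.
        return backend_scheme
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    # Anything other than a single clean value falls back to the real scheme.
    return proto if proto in ("http", "https") else backend_scheme


def detected_redirect_uri(remote_addr, headers):
    """Model of auto-detection: scheme plus Host, with no path component."""
    return f"{effective_scheme(remote_addr, headers)}://{headers['Host']}"


def check_redirect_uri(uri, registered=REGISTERED_URI):
    """Return the reasons a URI would not match the Entra registration."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme is not https (X-Forwarded-Proto missing or untrusted)")
    if parts.path.endswith("/"):
        problems.append("trailing slash")
    if parts.path.rsplit("/", 1)[-1] in ("admin.php", "index.php"):
        problems.append("page name at the end")
    if not problems and uri != registered:
        problems.append("differs from the registered URI")
    return problems


if __name__ == "__main__":
    host = {"Host": "voipmonitor.yourdomain.com"}
    for hdrs in (host, {**host, "X-Forwarded-Proto": "https"}):
        uri = detected_redirect_uri("10.0.0.5", hdrs)
        print(uri, check_redirect_uri(uri) or "OK")
```
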

AI Summary for RAG

Summary: This guide documents the Microsoft Sign-In (SSO) integration for VoIPmonitor GUI, which is currently in development and not yet available in stable releases. The setup requires three main steps: (1) Register an application in Microsoft Entra (formerly Azure AD) by creating a new app registration with Single Page Application platform type, noting the Client ID and Tenant ID, and ensuring the Redirect URI matches the VoIPmonitor GUI URL exactly without trailing slashes or page names. (2) Assign users in Microsoft Entra who should have access. (3) Configure VoIPmonitor GUI by enabling Microsoft Sign-In in Settings > System configuration > Advanced, entering the Client ID and Tenant ID, and mapping VoIPmonitor users to their Microsoft email addresses in the Secure users tab. A default Microsoft Sign-In account can be configured for unmapped users.

Keywords: Microsoft Sign-In, SSO, Single Sign-On, Microsoft Entra, Azure AD, Azure Active Directory, authentication, OIDC, OAuth, GUI login, enterprise authentication, Microsoft integration, tenant ID, client ID, redirect URI, user mapping

Key Questions:

  • How do I enable Microsoft Sign-In in VoIPmonitor?
  • How do I configure SSO with Microsoft Entra for VoIPmonitor?
  • What is the correct Redirect URI format for Microsoft Sign-In?
  • Where do I find the Microsoft client ID and tenant ID?
  • How do I map VoIPmonitor users to Microsoft accounts?
  • Is Microsoft Sign-In available in the stable GUI version?
  • How do I set up a default user for Microsoft Sign-In?
  • Why can't I see the Microsoft Sign-In option in my GUI?

See Also