Skip to main content
Skip table of contents

Microsoft Entra ID

Overview

Microsoft Entra ID (formerly Azure Active Directory) for ipSCAPE and this gives Administrators the ability to simplify access and manage Agents or Users accessing the Workspace, Agent Toolbar, or the CTI Adaptor.

Microsoft Entra ID Integration with ipSCAPE can be utilised with the following features and the configuration for each, once an Entra ID Application is created, is listed:

A single ipSCAPE Entra ID application can be configured in the portal of each of the above


1. Adding a Microsoft Entra ID Application for ipSCAPE

Global Administrator permissions for the Entra ID user configuring the application is required to complete the following sections.

To create the registration of ipSCAPE in Azure Active Directory:

  • Sign in to the Entra ID portal

  • If there is access to multiple tenants, use the Directories + subscriptions filter in the top menu to switch to the tenant which will be registered to the ipSCAPE workspace.

  • Search for and select Azure Active Directory.

  • Under Manage, select App registrations > New registration.

  • Enter a display Name, for example “ipSCAPE Azure AD Integration (DEMO)

  • Specify who can use the application, this may also be called its “Sign-in audience”

  • Leave Redirect URI (optional) blank; this will be configured in the next section

  • Select Register to complete the initial app registration


2. Add a Redirect URI to the Azure ipSCAPE Application

A redirect URI is the location where the Microsoft identity platform redirects a user's client and sends security tokens after authentication. A redirect URI can be added or modified by configuring the platform settings.

Redirect URI is required for the configuration of Active Directory in ipSCAPE for:

To configure application settings registered in the previous section, follow these steps for each of the above:

  • In the Azure portal, in App registrations, select the ipSCAPE application.

  • Under Manage, select Authentication.

  • Under Platform configurations, select Add a platform.

  • Under Configure platforms, select the Web tile to configure the settings:

  • View the relevant sections below for the Redirect URI values to be entered:

Single Sign-On (SSO) Redirect URI Configuration

Enter the Redirect URI and click Configure. The Redirect URIs will be in the following format:

Field

Environment

Value

Redirect URIs

All Environments

https://ctiadaptor.ipscape.com.au

https://<TENANT_HOSTNAME>/workspace/authorize-sso

https://<TENANT_HOSTNAME>/toolbar/authorize-sso

Logout URL

All Environments

https://<TENANT_HOSTNAME>/api/latest/user/endthirdpartysession

ID Tokens

All Environments

Checked

  • Click the "Overview" section, and raise a ticket with ipSCAPE Service Desk with the following details to enable the SSO configuration of the credentials into ipSCAPE:

    • Application (client) ID

    • Directory (tenant) ID

PDF

To configure Azure SSO for ipSCAPE, please raise a request with ipSCAPE Service Desk to enable this feature.

Email Channel Redirect URI Configuration


3. Client Secret Credentials for Azure ipSCAPE Application

Sometimes called an application password, a client secret is a string value that can be used in place of a certificate as identity. The Client Secret is required for the configuration of Active Directory in ipSCAPE for:

To configure the application Client Secrets:

  1. In the Azure portal, in App registrations, select the application configured in the previous sections.

  2. Select Certificates & secrets > Client secrets > New client secret.

  3. Add a description for the client secret.

  4. Select an expiration for the secret or specify a custom lifetime.

    • Client secret lifetime is limited to two years (24 months) or less. A custom lifetime can not be longer than 24 months.

    • It is recommended that an expiration value of less than 12 months is set.

  5. Select Add.

Ensure to record the secret's value as this is required to use in the email channel configuration and Directory configuration in ipSCAPE.

The client secret value will not displayed again after leaving this page.

If lost, a new secret will need to be reconfigured from the steps above.


4. Additional Notes

  1. API Permissions for User.Read.All are required to Sync the Directory in the ipSCAPE Workspace and the User will be presented an error if this is attempted without the permission added to the Azure Application:


    Global Administrator User access is required to grant this permission:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.