Versions Compared

Old Version 7

changes.mady.by.user Henri Keskinen (Unlicensed)

Saved on

compared with

New Version 8

changes.mady.by.user Eetu Purontaus (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Modern authentication

With Modern Authentication, users authenticate with OpenID Connect against the customer’s own Azure tenant using a browser. This means that user accounts are centralized to the customer’s own Azure and are by definition subject to the already-existing security policies.

Tenant configuration

To enable Azure AD authentication integration to Enreach Voice services, two Enreach Voice enterprise applications must be consented by the customer’s Azure tenant administrator:

  • EnreachVoice application

    • Enables the users to sign in via Enreach Identity

  • EnreachVoice UserSync application

    • Enables Enreach backend to read and synchronize user information from Azure. This is needed to correlate users in Enreach system to Azure users.

Consent is granted by generating the following two links pointing to the customer tenant.

  • https://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=a289977d-5d74-48c9-865c-29705346e99d

  • https://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=633f3578-9b28-493a-91f2-1edfdc069a7a

After generating the links by populating the correct tenant id, a tenant Global Global administrator follows the links and grants the consents in Azure.

Image AddedImage Added

Classic authentication

In classic mode, user credentials are passed through Enreach backend to Azure for validation. This mode is maintained for backwards compatibility - new deployments focus on Modern Authentication.

To enable classic Azure AD Authentication integration for your organization, Benemen Authenticator an Azure AD application must be registered to customer Active Directory in Azure management portal. 

If Multi-Factor Authentication (MFA) is enabled on Azure AD, Benemen Enreach Datacenter IP Addresses (80.88.186.0/23) must be whitelisted. More information: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

...

...

5. Go to Authentication tab and configure following

  1. Select “Add a platform”

    Image RemovedImage Added

  2. Select Web

    Image RemovedImage Added

  3. Configure Web

    1. Enter https://api.beneservices.com as RedirectURI

    2. Select ID Tokens

    3. Click Configure

      Image RemovedImage Added

  4. Set Allow public client flow = Yes

    Image RemovedImage Added

  5. Click Save


6. Go to Permissions tab

  1. Make sure that app have User.Read permission

    Image RemovedImage Added


  2. Click Grant admin consent and Yes to confirmation

  3. Make sure that there is a green mark for Admin consent

...

  • Send Application ID value to Benemen Enreach

...