Description of Enreach Identity

What is it

• New authentication system for Enreach Voice cloud user interfaces *

  • A centralized and secure system for handling user sign-ins

• Built using industry standards

  • OpenID Connect and OAuth2

  • Standards also used by big players in the industry

• Authenticate users with Microsoft Azure AD when signing in

• Also other identity service providers can be implemented via SCIM protocol, if separately agreed.

• User always logs in with a browser which means that SSO (Single sign-on) and MFA (Multi-Factor Authentication) can be enabled

• Implementation requires user account migration

Benefits

• Improved security

  • No separate credentials – can use user's own Microsoft Azure AD credentials

  • Possible to use MFA - use customers’ own MFA solution (or use our Keycloak MFA solution) 

• Easier authentication

  • No need to ask for username and password, if the user is already authenticated

  • For example, if the user is already signed-in to Microsoft O365 in their browser they don’t need to sign in again on same device

• Easier end-user credentials management

  • User management done by customers in Microsoft Azure AD.

  • Easy way to authorize users to Enreach Voice by customers themselves

Sign-in example

An example for Voice for Browser standalone version:

Open

High level steps for migration

• Enreach creates customer configuration into the Enreach Identity system 

  • Users are provisioned into the system 

  • Users need to be informed that next time the login is different: a two-step login process where username is asked separately

• Optional: Setting up Microsoft Azure AD as the identity provider

  • Configuration to customers own Azure AD is needed

  • Customer tenant admin grants consent to Enreach Identity

See more at Configuration Guidelines

• Please note: Enreach Identity is not supported on Voice for Windows