When starting UCServer Administration, a new setting "Services → ProCall Integration in Microsoft Teams" is visible in the tree structure on the left:
Example screenshot – UCServer Administration – Services – Integration with Microsoft Teams
Then switch to the Microsoft Azure Portal to make further settings.
Microsoft Azure Portal
Log in to the Azure Portal.
An Admin-Account should be available for the necessary "Admin consent". Otherwise, this approval can also always be granted retroactively via the Azure Portal.
Determine Tenant ID
Determine the "Tenant ID" of your company using https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant
Copy the ID and then switch to UCServer administration.
Enter Tenant ID
Enter the copied "Tenant ID" in "Services → ProCall Integration in Microsoft Teams" in the "Active Directory Tenant ID:" field.
"Auth required" should be visible at the bottom. Now grant the required consents "User consent" and "Admin consent are assigned
- User consent (Read presences) "User consent" button in administration
- Admin consent (Write presences)
- "Consent of the administrator" button in the administration
- or via the Azure Portal
User consent (Read presences) "User consent" in the administration
Click the "User consent" button
- Perform the user consent with an Azure AD account
- Confirm the requested permissions 2 times
Example screenshot: Grant permission for the app requested in the Microsoft account – "User consent"
By these measures the user consent was given, but the admin consent is still missing.
Admin consent (Write presences) – "Consent of the administrator" for the organization
"Consent of the administrator" button in the administration
Admin consent can be triggered via the UCServer administration. This way you do not have to click through the Azure Active Directory in the browser.
- click the "Administrator's consent" button
- Confirm the permissions
Example screenshot –
Grant permission requested in the Microsoft account for the app – administrator "Admin consent".
Log in to the Azure Portal with an account that can grant "Admin consent".
Navigate to "Azure Active Directory → All Applications → Enterprise Applications → estos ProCall Integration in Teams → Permissions
Grant the "Admin consent" (consent of the administrator) via the corresponding button.
Example screenshot in Azure Portal – API name – Permission – Admin consent
Example screenshot in Azure Portal – API Name – Permission – User consent
In the Azure Portal, there are settings for the company indicating that User consent is not possible at all and can only be made by the administrator: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal#configure-user-consent-settings
In this case, User consent in the UCServer management cannot be performed with any user account, but must be based on the assigned rules for Enterprise Apps in the Azure Portal.
For this reason, and if the same Administrator account is used for User consent and Admin consent, the granted permissions are displayed in the "Admin consent" table in the Azure Portal. The table for the User consent remains empty.
Password changes/expired password
Please note that in case of password changes or for an expired password for the administrator or user account used for Admin or User Consent, the authorization must be reissued in UCServer to ensure functionality.
For example, for passwords that are about to expire, an organizational measure can be taken to reassign the password on the previous working day and renew the admin or user consent in the same process step. In this way, downtime can be reduced to a minimum.
Permissions – API Permissions – Consent
In order for the UCServer to be allowed to read team users' presences, a so-called "User consent" is required. This can be done centrally from the point of view of a user who has carried out the "User consent" in the UCServer administration.
In order for the UCServer to be able to set the presence of the teams users, a so-called "Admin consent" is necessary. This can be done either via the Azure portal or via the "Admin consent" button in the UCServer administration.
It is nevertheless advisable to view the permissions of the enterprise application "estos ProCall Integration in Teams" in the Azure Portal. Access can also be removed again via this.
Once the required permissions are set, integration with Microsoft Teams can be enabled globally, per group (services) or for individual users (services).
Note that the users in UCServer management and Azure Active Directory must match in username or UPN (user principal name).
From ProCall version 7.3.5 and above, it is possible to create a file in which users are optionally assigned if there is no unique match. Copy this file to the "ExternalServiceProvider" directory in the UCServer installation folder. This list is loaded after activating the Teams integration in the UCServer management.
File name: usermatching.csv
Content (comma separated): Azure AD username,UCServer username
In the example, user Max Mustermann has the UPN "firstname.lastname@example.org" in the UCServer user management. In Azure AD, he has the UPN "email@example.com". Further entries can follow in additional lines.
Please note that user names in the CSV file are case-sensitive, otherwise they cannot be matched.
estos ProCall integration in Microsoft Teams as app or own app registration
Here is how to set up and use the ProCall integration in Microsoft Teams.
estos provides a custom app for this purpose (estos ProCall integration in teams) as a quick and easy way of getting started for customer companies.
If you do not want to use this app, but provide an app registration for the company yourself, proceed as follows:
Use custom app registration