Logging in to Avaya IX Messaging applications (Web Admin, Web Access, Web Reports and Messaging Admin) is handled using a third-party authentication provider, such as Salesforce, Google, Office 365 or Windows. This Single Sign-On process lets clients use their credentials from the other applications to access Messaging. This is known as Legacy SSO.
Clients open an application, are passed through Messaging and then onto the provider. The client’s credentials are authenticated by the provider and access is granted.
The preferred method for authentication is Hybrid SSO, as it offers a higher level of security for your connections by adding a certificate validation layer. The Voice Server, or the Consolidated Server in a High Availability environment, is authenticated on the Avaya licensing server through a certificate-enabled handshake. The client then uses whichever login credentials they have available to complete the connection from their current location.
Clients open an application and are passed through to Messaging. If the connection to the accounts.zang.io server has been validated by the certificate, the login request is sent to the provider for authentication. If the connection is not valid, or if the client’s credentials are incorrect, access is denied.
Important: The Hybrid SSO login procedure requires an active Internet connection. Only Legacy SSO can be used if Internet access is disabled / locked-down (i.e. at high security, isolated sites).
At the end of the installation routine, you are asked to select the SSO method to employ.
To use the Legacy SSO login method:
•On the SSO Configuration screen, enable Legacy SSO.
•From the Providers dropdown menu, enable the authentication providers that you want your clients to use to access Web Admin, Web Access, Web Reports and Messaging Admin. Items that are disabled will not appear during login.
Filling out these fields is optional and only required if you make use of OAuth2 when connecting to these providers.
•Client Id: Enter the OAuth2 client ID for the provider you have chosen.
•Client Secret: Enter the OAuth2 client secret value for the provider you have chosen.
•Redirect URL: Enter the URL for your company given by the provider you have chosen.
Resolve user principal name: When logging in to Windows, you must provide both the domain or computer name and a username (e.g. salesdomain\brian or mycomputer\bob). When Resolve user principal name is enabled, enter these details in the form userName@domain (e.g. [email protected]). This format must be used throughout the program wherever SSO login details are required to access other applications.
•Enable all that apply, then click OK.
•Click Save when finished.
Important: The Hybrid SSO login procedure requires an active Internet connection. Only Legacy SSO can be used if Internet access is disabled / locked-down (i.e. at high security, isolated sites).
To use the Hybrid SSO authentication method:
•On the SSO Configuration screen, enable Hybrid SSO.
•From the Providers dropdown menu, enable the authentication credentials that you want your clients to use to access Web Admin, Web Access, Web Reports and Messaging Admin. Items that are disabled will not appear during login.
Enable all that apply, then click OK.
Resolve user principal name: When logging in to Windows, you must provide both the domain or computer name and a username (e.g. salesdomain\jcarter or posSystem\rosier). When Resolve user principal name is enabled, enter these details in the form userName@domain (e.g. [email protected]). This format must be used throughout the program wherever login details are required to access other applications.
•Enter the domain name where your Voice / Consolidated server is located in the space provided.
•A certificate is required when using Hybrid SSO. Click the button to the right side of the Certificate field.
Choose Create to have Messaging build a certificate for you. Or if you have a certificate in PFX format that you would rather use, click Import and select that file instead.
Select the certificate to use, then click OK.
•Once back at the SSO Providers screen, click Save.
•Follow the instructions on this window to complete the installation.
1.Click the link, or enter the URL into the address bar of a web browser to open the Avaya Cloud Accounts site.
2.Log in using credentials for an account with administrator rights to the domain.
3.Go to Manage Companies, select a company (if more than one), and open the Apps tab.
4.Click Configure New App+. On the Product dropdown menu, select IX Messaging Services.
5.You should land on the IX Messaging Services Application Settings page.
6.Ensure that the option for JSON is enabled then scroll down to Public Settings. Copy the string from the Cloud Configuration panel and paste it into the space provided.
Caution: Be careful to copy the entire string from the Cloud Configuration panel. It may extend below the bottom of the pane.
7.Click Save when ready. Returning to the Cloud Configuration panel, click Continue to complete the Hybrid SSO configuration.
As long as the strings on both the Voice / Consolidated server and the Avaya Cloud server match, users will be able to access the applications using their available credentials.
If these strings are not the same, then users will not be able to log in using any credentials.
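The following check is an added example, not part of the Avaya product or its documentation. It compares the string shown in the Cloud Configuration panel with the copy pasted into Public Settings and distinguishes a partial copy from a genuinely different configuration. It assumes the string is JSON (the procedure enables the JSON option) and that surrounding whitespace is not significant; the sample string and its field names are constructed.

```python
import hashlib
import json

# Constructed sample; the field names are hypothetical, not Avaya's format.
SERVER_STRING = (
    '{"domain": "example.test", "server": "voice01", '
    '"cert": "PLACEHOLDER-THUMBPRINT"}'
)


def fingerprint(text: str) -> str:
    """SHA-256 of the trimmed string, so two copies can be compared
    without pasting the configuration itself into a ticket or chat."""
    return hashlib.sha256(text.strip().encode("utf-8")).hexdigest()


def is_json(text: str) -> bool:
    """True if the text parses as a complete JSON document."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def check_pasted_config(server_copy: str, cloud_copy: str) -> str:
    """Classify the cloud-side copy against the server-side string.

    Returns "match", "empty", "truncated", "malformed" or "mismatch".
    """
    server, cloud = server_copy.strip(), cloud_copy.strip()
    if not cloud:
        return "empty"
    if cloud == server:
        return "match"
    if not is_json(cloud):
        # An incomplete copy is a leading fragment of the original string.
        return "truncated" if server.startswith(cloud) else "malformed"
    # Complete JSON that differs: the copy belongs to another configuration.
    return "mismatch"


if __name__ == "__main__":
    pasted = SERVER_STRING[:40]  # simulates a copy cut off at the pane edge
    print(check_pasted_config(SERVER_STRING, pasted))
    print(fingerprint(SERVER_STRING)[:16], fingerprint(pasted)[:16])
```

A "truncated" result points to the copy step described in the Caution above; a "mismatch" means the two sides hold different complete strings.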