Adding the Teams Tokens and Permissions

This article will provide a walkthrough of adding the needed tokens, permissions and secrets for the Team Integration.

Having Trouble?

Please see our Teams Troubleshooting article for assistance with this phase of your Teams implementation. 

User Licensing Notice

Users with a license for less than E5 will need to make sure that they have the Microsoft Phone System licensing included for Teams to work as a softphone.

This process will take place after the Phone System and other integrations such as our 1Stream connection (if applicable) have been provisioned and setup. To start the integration process, please be logged into the bvoip portal and have your Azure application with administrative access open. 

Setting the Tokens

  1. Log into the Azure Active Directory Portal in a separate browser.
  2. Select the Azure Active Directory option.
  3. Go to the App Registrations section.
  4. Click on New Registration. 
  5. In the Name field, input bvoip-msteams-integration. UTI2
  6. Go to the Supported Account Types section.UTI1
  7. Select the Accounts in this Organizational Directory Only option.
  8. Go to the Redirect URL section.UTI3-1
  9. Select Web in the drop-down. 
  10. In the textbox beside the web drop-down, input the redirect URI from the bvoip phone system.
  11. Click the Register button.

Granting Permissions and Secrets

  1.  In Azure, go to the API Permissions section.
  2. Click Add a Permission.TI10
  3. Go to the Microsoft APIs section.TI11
  4. Select the Application Permissions option at the Request API Permissions prompt.uti4
  5. Click the Microsoft Graph icon. You will then be able to add the following permissions: Teams15
    1. Under the User subsection:
      1. User.Read
      2. User.Read.All
      3. UserReadWrite.All
    2. Under the Domain subsection:
      1. Domain.ReadWrite.All
      2. Domain.Read                                                                 
    3. Under the Calendars subsection:
      1. Calendars.Read
    4. Under the Mail subsection:
      1. Mail.Send
    5. Under the Contacts subsection:
      1. Contacts.Read
  6. Click on the Add Permissions button.
  7. Click on Grant Admin Content. A confirmation pop-up will appear.TI16
  8. Click on Yes to confirm Permissions.TI17
  9. Navigate to the Certificates and Secrets section. 
  10. Go to the Client Secrets tab.
  11. Click on the New Client Secret button.
  12. Go to the Client Secrets tab.
  13. Click on New Client Secret button. The Add Client Secret side menu will then appear. TIUpgrade8
  14. In the Description field, type in PBX Secret.
  15. In the Expires field, select 24 months. 
  16. Click the Add button. The Client Secret will then be listed under the value column. UTI6
  17. Copy the Value shown under the Value column into a notepad.
  18. Go back to the bvoip Phone System.
  19. Go to the Integrations menu.
  20. Select the Microsoft 365 option.
  21. Go to the Configure tab.
  22. Click on the Generate New Key Pair button. A certificate will then be downloaded to your device.
  23. In Azure, go to the Certifications and Secrets section. 
  24. Select the Certificates tab.UTI8
  25. Click on the Upload Certificate button. A pop-up window will appear to upload the downloaded certificate. 
  26. Click the Add button.
  27. Go to the Overview section in Azure. 
  28. Copy the Directory (Tenant) ID and paste it into a notepad. 
  29. Copy the Application (Client) ID and paste it into a notepad.
  30. Go back into the bvoip phone system. 
  31. Paste the Secret Value, Application and Directory IDs into their correlating fields. 
  32. Click on the Save Changes button. 
  33. Click on the Log into Microsoft 365 button. You will then be prompted to log into Azure as the main administrator and accept the permissions request. 

After the above has been completed, then there are two paths to be taken, depending on if you are completing the Teams or Microsoft 365 integration.

Continuing the Teams Integration

For the Teams Integration, the next step will be having the domain be built out as well as the users setup for activation. For more information on next steps, please see our Enabling Direct Routing article.

Continuing the Microsoft365 Integration

For the Microsoft 365 Integration, the desired users will need to be added in the Users tab. For instructions on doing this, please see steps 1-5 in our Adding New Users to Teams article.