Why not use this method?
This guide covers the quickest and simplest method of enabling Microsoft 365 SSO, however you are not able to brand the actual login page like the Branded Microsoft 365 SSO option allows for.
The 1stream Client browser extension also forcefully redirects away from this page when enabled, as 1stream requires the complete SSO setup to work properly.
Pre-Requisite
- Make sure you have followed Activating the Microsoft 365 Integration on the phone system
Setup SSO
- Login to the Control admin portal
- Open the phone system in question
- Go to Integrations > Microsoft 365
- Open the Sign In tab
- If you don't see this, it means you haven't activated the integration properly yet, or you're in the “Old UI”
- Click on Enable sign-in sync
- Set the sync mode to whichever you prefer, in this case we'll do All
- Click Save changes at the top
You should now be able to visit the phone system FQDN (not Control) with the /webclient endpoint, such as phonesystem.bvoip.net/webclient, and get the default login page below.
Troubleshooting
Help! I keep getting redirected to the other login page!
If you keep getting pushed to the main bvoip branded login page, that means you have the 1stream Client extension installed. Deactivate that extension temporarily in order to login through this page.
The login page keeps looping
If you're seeing the login page loop, follow the steps below to correct the permissions.
- Login to https://entra.microsoft.com
- Go to Applications > App Registrations > All Registrations
- Find your phonesystem.bvoip.net app and open it
- Go to API Permissions on the left hand side
- Click Add a Permission and navigate through Microsoft Graph > Delegated > User
- Add the User.Read permission, then grant Admin Consent
- Try signing in again and it should let you through