Partner Level Setup Required
This article covers connecting the phone system Microsoft 365 integration to the MTP for SSO. If you're looking to setup SSO at the partner/admin level, see Setup Microsoft 365 Single Sign-On (SSO) for Partners instead.
Why Use Microsoft 365 SSO?
Starting from the login page, bvoip enables customers to use their Microsoft 365/Entra ID tenant as their authentication provider, greatly simplifying the login process and making it so users do not need to remember a separate password or MFA code.
The steps in this article will cover setting up Microsoft SSO for a phone system under the MTP Portal, and you can use the simple decision tree below to make sure you're following the right path.
Are you setting up SSO for internal use, or resale?
Follow Changing the Control Portal Subdomain to change the domain to your preference.
Then follow Setup Microsoft 365 Single Sign-On (SSO) for Partners
And lastly follow this document below, after which your custom domain will be functional.
Do you want customers logging into your customized domain (White Label), or their own customized domain
Follow Changing the Control Portal Subdomain to change the subdomain to your preference and/or setup a full custom domain.
Then follow Setup Microsoft 365 Single Sign-On (SSO) for Partners
Simply complete the document below for each customer phone system, and they should all be able to login to the custom domain you've created.
Are your customers nested in their own portals (default for Pax8), or a flat structure (default for direct partners)? If you have customers listed under System > Customers, you're nested.
Follow Accessing Customers as a Pax8 Reseller to get into the customer's system you're configuring.
Follow Changing the Control Portal Subdomain to change the subdomain to their preference and/or setup a full custom domain.
Then follow Setup Microsoft 365 Single Sign-On (SSO) for Partners under their impersonation view
Lastly follow the steps below in their impersonation view, and they should be able to use their custom domain.
Unfortunately, in this situation your customers would need to be moved to the nested structure to support individual custom domains per client.
You can Creating A Support Ticket and our team can get the phone system moved under a nested customer after a brief outage, after which you can follow the Nested choice in this guide.
Setup the SSO Integration
SSO is configured automatically as part of the Activating the Microsoft 365 Integration process for all users who are added to the integration.
Without any further action, users can visit the main MTP login page below to sign in, just click the orange Microsoft logo.
https://mtp.bvoip.net/sso/webclient
Syncing the Integration for Customized Domains
In order for users to login to your customized subdomain or fully customized domain, you need to sync the integration to the MTP Portal using the steps below.
-
Follow Setup Microsoft 365 Single Sign-On (SSO) for Partners to setup the MTP level integration if you haven't yet.
- This must be done at the same level as the phone system, so if the phone system is nested under a dedicated customer portal (all orders via Pax8), then you must setup the partner level integration using impersonation under System > Customers.
- Ensure you have followed Activating the Microsoft 365 Integration for the designated phone system AND ADD A USER.
- If you set this up prior to August 8th, 2024, then you need to redo the Reprovision Account step to ensure new permissions are properly added.
- Go to System > Single sign-on on the left-hand side of the admin portal.
- Click the Sync button
- If the phone system does not appear, you did not add a user to the phone system's Microsoft 365 integration.
- Your phone system integration should synchronize through, and you can click the eye icon to view what users are setup for SSO through that system.
- Users should now be able to sign into the customized client login pages with the SSO button.
Customer can't login to a customized domain
If after following the above process users get an error about URLs not being set correctly:
- If you're a Pax8 partner, make sure that you've followed Setup Microsoft 365 Single Sign-On (SSO) for Partners for the customer under System > Customers.
- Make sure the integration was synced properly in step 4 above, and you can see the name (Microsoft XXX.bvoip.net) next to the Microsoft Multi-Tenant Portal record. If either of these are missing, you missed a step above.