With MiCollab Release 9.3, MiCollab has introduced CloudLink (CL) based Authentication (known as CL Auth) for its end-users (i.e. for the MiCollab Clients).
Customers are provided with a MiCollab Client authentication choice between using MiCollab (i.e. local) or from CloudLink (i.e. CloudLink Authentication). CloudLink can be integrated with an Identity Provider such as Azure Active Directory (AD) at the CloudLink backend. An Identity Provider such as Azure AD provides Single Sign-on capabilities (where users use enterprise credentials to login to Mitel Applications) and safeguards access to data and applications while maintaining simplicity for users.
At the same time, the credentials for CloudLink/Azure AD Authentication on MiCollab Clients can be used to cross-launch CloudLink applications such as MiTeam Meetings, thus providing a seamless single sign-on experience across Mitel Applications.
Note: While the intent is to allow Identity Providers to provide Single Sign-on capabilities, CloudLink with no integrations to an Identity Provider can also provide CloudLink Authentication. However, the user will be provided with an Email with links to CloudLink to complete the CloudLink authentication process (i.e. setting password). The benefit of having CloudLink Authentication (even without an Identity Provider) is that Single-Sign On Credentials are still provided for CloudLink applications such as MiTeam Meetings.
CloudLink/Azure AD based Authentication is supported on MiCollab Web, PC, Android, iOS, and MAC clients; however, it is not supported on End user portal, AWV - Outlook portal/desktop client/Web Client, MiCollab for Microsoft and MiCollab Legacy desktop Clients.
Users who have enabled CloudLink-based Authentication will not be able to use AWV (with leader capabilities) and create AWV conferences through End-User Portal, Outlook plugin, and Ad-hoc AWV meeting, that is, users with CloudLink-based authentication cannot be AWV users. However, these users can still join the AWV meetings as participants.
Users who have enabled CloudLink-based Authentication can use the Meeting Centre but only to join meetings from other participants or their old meetings (created before they moved to CloudLink-based authentication).
The CloudLink-based Authentication feature should only be turned on once the CloudLink Integration is done, and the MiCollab Clients are upgraded to Release 9.3 and above loads.
Administrators have a choice to enable and disable CloudLink/Azure AD based Authentication for specific set of users.
MiCollab can only be configured with a single source of authentication - CloudLink or OnPrem-Active Directory. Before moving to CloudLink-based Authentication, they must disable the On-Prem AD authentication if configured already.
The CloudLink-based Authentication feature is supported with MiVoice Business (on Enterprise and Flex deployments), MiVoice MX-ONE, MiVoice 5000 MiVoice Office 400 platforms.
Refer to the MiCollab CloudLink-based Authentication Solution Document for the following sections:
To set up a CloudLink account for Integration from the CloudLink portal, see the Setting up a CloudLink Account for Integration section.
Adding a user on Azure in Mitel Connect
To add CloudLink Platform/ Azure AD authentication for IDS, see the IDS_Connection_for_CLoudLink.htm topic.
CloudLink (CL) based synchronization provides single point of user provisioning and management of MiCollab users from the CloudLink Accounts Portal. CloudLink can further be integrated with a provisioning service such as Azure AD with the help of SCIM interface to extend the user provisioning and management directly from the Azure AD service portal. This feature can be turned on/off with CloudLink based authentication.
CloudLink based synchronization is supported in Integrated mode and only with MiVB platforms (On-premise and Flex deployments).
Once CloudLink based synchronization is enabled, admin will not be able to add new users from MiCollab USP but from CloudLink (or 3rd party provisioning server) portal only. At the same time attributes update for existing users will only be allowed for limited fields.
CloudLink based Synchronization can only be turned on one IDS connection.
Refer to the MiCollab CloudLink-based Authentication Solution Document for more information on CloudLink Synchronization and the following sections:
For setting up the MiCollab from IDS, refer to the IDS_Connection_for_CLoudLink.htm topic.
Alarms
Scenario |
Alarm Text |
Severity |
Resolution |
When CL Adapter is down |
ERROR – AUTHSERVICE_DOWN |
High |
Restart the CL Adapter service using command: service cladapter restart |
When CL platform could not be connected from CL Adapter |
ERROR – CL_CONNECT_FAILURE |
High |
Check the network connection between MiCollab and CL Platform |
SAS rest service is down |
ERROR – REST_CONNECT_FAILURE |
High |
Restart the SAS Rest service using command: service restserver restart |
CL Adapter connection with CL platform breaks momentarily |
ERROR – CL_CONNECT_FAILURE |
Medium |
Check the network connection between MiCollab and CL Platform |
Errors
Scenario |
Error String |
Resolution |
When Admin tries to enable CL Auth from BUP |
Failed to enable CloudLink Authentication. |
Check the connection to CL platform. Restart mom-server using command service mom-server restart
Contact Mitel Support with issue and log details
|
When Admin tries to disable CL Auth from BUP |
Failed to disable CloudLink Authentication. |
|
When Admin tries to re-send CL Account setup E-mail |
Failed to send CloudLink Account setup E-mail. |
|
User Summary Reports
This report lists the following information for the MiCollab users:
User's First Name
User's Last Name
Email Address
UCC Bundle
Department
Location
MiTeam Meeting status: Y/N/NA
MiTeam Failure reason - Reason stated if any or else mentioned as N/A
CL Authentication status: Y/N/NA
CL Authentication Failure reason - Reason stated if any or else mentioned as N/A