Configure Auto-admit
Setting up the Synergy SKY® Auto-admit Feature
A Lifesize Icon system that joins a Microsoft Teams® meeting with Connect Plus Gateway always joins the meeting as a guest. Synergy SKY’s auto-admit feature allows the Icon to join the meeting without manual intervention.
Before you are able to use the auto-admit feature with Lifesize Connect Plus Gateway, in your Microsoft environment you must configure an Azure Communication Service, register an app, configure a designated user, and create an access policy.
Setting Up an Azure Communication Service
Use the Azure Portal to create and configure a communication service.
- Sign in to the Azure Portal.
- Under Azure services, select + Create a resource.
- On the New page, search for Communication Services, and then select it from the results.
- Select Create.
- Configure your communication service. Specify the following:
  - the subscription
  - the resource group
  - the name of your communication services resource
  - the geography to associate the resource with
- Review your setup and Create your resource.
See Create Azure Communication Services Resource for detailed instructions.
Collecting your Connection String
Later in the configuration you will need the connection string that allows API calls to your communication service. Find and save your connection string so it is available when you complete the configuration of Connect Plus Gateway.
- Sign in to the Azure Portal.
- Search for Communication Services, and then select it from the results.
- On the Communication Services page, select the name of your resource.
- Select Keys from the menu on the left.
- Under Primary Key, click the Copy icon beside the Connection String field.
- Paste and save this information so that it is available later, when you configure Connect Plus Gateway.
Note: This connection string will be used in the Azure Communication Service Connection String field on the Admin Console > Connect Plus Gateway tab.
See Access your Connection Strings and Service Endpoints for detailed instructions.
Managing your Application
You will need to register a client app and create a client secret so that you can generate a token to use in your REST API request.
Registering the App
- Sign in to the Azure Portal.
- On the Active Directory Overview page, under Manage in the side menu, select App Registrations.
- Select New registration.
- Enter a Name for your application.
- Select Register.
- On the App registrations page, select the name of your application.
- Take note of the Application (client) ID and the Directory (tenant) ID so that they are available later, when you configure Connect Plus Gateway.
Note: The Application (client) ID and the Directory (tenant) ID will be used during the configuration of Connect Plus Gateway on the Admin Console > Connect Plus Gateway tab.
Obtaining the Client Secret
- From the side menu, select Certificates & secrets.
- On the Client secrets tab, select New client secret.
- Enter a Description.
- Select or enter when the secret Expires.
- Select Add.
- On the Client secrets tab, click the Copy icon beside the client secret you just created.
- Paste and save this client secret value so that it is available later, when you configure Connect Plus Gateway.
Note: This client secret value will be used in the Application Client Secret field on the Admin Console > Connect Plus Gateway tab.
Applying Permissions
- From the side menu, select API Permissions.
- Under Configured Permissions, select Add a Permission.
- In the Add Permissions menu, select Azure Communication Services.
- Select the following permissions:
  - Teams.ManageCalls
  - Teams.ManageChats
- Click Add Permissions.
- In the Add Permissions menu, select Microsoft Graph.
- Select Delegated permissions.
- Select the following permissions:
  - openid
  - User.Read
- Click Add Permissions.
- Select Application permissions.
- Select the following permissions:
  - OnlineMeetings.Read.All
  - User.Read.All
- Click Add Permissions.
Important: Once you add all permissions, a user with an Administrator role must click Grant admin consent.
Allowing Public Client Flows
- From the side menu, select Authentication.
- Under Advanced Settings, click Yes to Allow public client flows.
See Register an App to request authorization tokens and work with APIs for detailed information on registering your application.
See Add the Communication Service permissions in the application for information on adding permissions.
Creating a Microsoft 365 User
An Administrator must create a dedicated Microsoft 365 user licensed to use Microsoft Teams. This user’s username and password are used to join online meetings.
Important: Two-factor authentication must be turned off for this user.
- Log in to the Microsoft 365 admin center.
Note: Adding a user requires Administrator permissions.
- From the side menu select Users > Active Users.
- Select Add a user.
- Complete the basic user information for this user.
- In the Assign product licenses pane, select the location and the appropriate license to assign.
- Select Next.
- In the Optional settings pane, expand Roles to make the user an admin.
- Select Next.
- Review the details and click Finish adding.
- Select Close.
Configuring an Application Access Policy
Policies are collections of settings that can be applied to one or more applications. An administrator must configure a policy to allow your application to access online meetings with application permissions. You will configure the application access policy using PowerShell, while logged in as an admin user.
Note: You may need to install the Teams PowerShell module. You will need the application (Client) ID of the application you registered for Connect Plus Gateway.
- Open a Windows PowerShell command prompt window.
- Run the following commands:
Import-Module MicrosoftTeams
Connect-MicrosoftTeams
- When prompted, enter your administrator account name and password.
- Select Sign in.
- If necessary, follow the instructions to authenticate and verify the log in.
You will create a new application access policy or edit an existing one.
To see if you have an existing policy, run the following command:
Get-CsApplicationAccessPolicy
If an access policy exists, add your application to it with the following command:
Set-CsApplicationAccessPolicy -Identity <your_access_policy> -AppIds @{Add="<applicationid>"}
Where <your_access_policy> is the name of the access policy to update and <applicationid> is the ID of your registered application.
If an access policy does not exist, create a new policy and add the app registration with the following command:
New-CsApplicationAccessPolicy -Identity <your_access_policy> -AppIds <applicationid>
Where <your_access_policy> is the name of the access policy to create and <applicationid> is the ID of your registered application.
Once the policy is created or updated, it must be granted access to online meetings for all users/rooms with the following command:
Grant-CsApplicationAccessPolicy -PolicyName <your_access_policy> -Global
Where <your_access_policy> is the name of the access policy that contains your registered applicationId.
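The create-or-update sequence above as one repeatable script, ending with a review of which application IDs the policy allows. This is an added example, not part of the original documentation; the policy name and application ID are placeholders to replace with your own values.

```powershell
# Added example. The two values below are placeholders (assumptions); replace them.
$PolicyName = 'ConnectPlusAutoAdmit'                  # hypothetical policy name
$AppId      = '00000000-0000-0000-0000-000000000000'  # placeholder Application (client) ID

# Refuse a malformed ID before it is written into a policy.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($AppId, [ref]$parsed)) {
    throw "AppId '$AppId' is not a valid GUID."
}

Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

# Look up the policy; suppress the not-found error so a missing policy leaves $policy empty.
$policy = Get-CsApplicationAccessPolicy -Identity $PolicyName -ErrorAction SilentlyContinue

if (-not $policy) {
    # No policy with this name yet: create it with the registered app.
    New-CsApplicationAccessPolicy -Identity $PolicyName -AppIds $AppId | Out-Null
}
elseif ($policy.AppIds -notcontains $AppId) {
    # Policy exists but does not list the app: add it, keeping existing entries.
    Set-CsApplicationAccessPolicy -Identity $PolicyName -AppIds @{Add = $AppId} | Out-Null
}

# Tenant-wide grant, as in the procedure above.
Grant-CsApplicationAccessPolicy -PolicyName $PolicyName -Global

# Review: every app ID listed in the policy is covered by the global grant.
$policy = Get-CsApplicationAccessPolicy -Identity $PolicyName
foreach ($id in $policy.AppIds) {
    [pscustomobject]@{
        Policy   = $PolicyName
        AppId    = $id
        Expected = ($id -eq $AppId)   # False marks an entry other than the gateway app
    }
}
```

Rows with Expected set to False are application IDs that were already in the policy; confirm each one is meant to be there, because the global grant applies to them as well.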
Configuring Connect Plus Gateway
After you have completed the prerequisites in Microsoft Azure and Microsoft Entra, you must add specific information to the configuration tab for Connect Plus Gateway in Admin Console. Navigate to the Admin Console > Connect Plus Gateway tab.
Microsoft Teams Lobby Auto-admit Configuration
Enter the information you collected while performing the setup procedures.
- Azure Communication Service Connection String – the Connection String assigned to the Primary Key for your communication service. Navigate to your communications services resource and select Keys from the navigation menu.
- Application Client ID – the Application (Client) ID for your registered app.
- Application Client Secret – the Client Secret value for your registered app.
- Application (Microsoft 365) Tenant ID – the Directory (Tenant) ID for your registered app.
- Microsoft 365 Username – the username for the dedicated user that allows the room system to join Microsoft Teams meetings.
- Microsoft 365 Password – the password for the dedicated user that allows the room system to join Microsoft Teams meetings.
Note: The Bot Username and Password are stored and used by Connect Plus Gateway to automatically admit the room system to Microsoft Teams meetings. Enghouse suggests you create a dedicated Microsoft 365 Username and Password for the auto-admit bot.