How to configure Unified Messaging for Cisco Unity Connection with OAuth 2.0

In an earlier post on this blog I explained how to configure the Unified Messaging feature of Cisco Unity Connection using a service account that holds the Application Impersonation role. That post used the basic authentication method of Office 365; however, as Microsoft has deprecated basic authentication for Exchange Online, the configuration has to be updated to use OAuth 2.0.

If you are still using basic authentication and Microsoft has disabled it on your tenant, the Test Connection check under Unified Messaging fails with an error when you test the connection:

Pre-requisites

Please make sure the following prerequisites are in place before starting the configuration:

  1. A supported Unity Connection version
  2. A service account in AD / Office 365
  3. An application registered in the Microsoft Azure portal

Let’s look at these prerequisites in more detail.

Verify Unity Connection version

First, verify the Unity Connection version, because older versions do not include OAuth 2.0 support for Unified Messaging. According to Cisco's documentation, Unity Connection 11.5 SU8 and later, or 12.5 SU2 and later, support the OAuth 2.0 configuration.

Use the following procedure to check your Cisco Unity Connection version:

  • Log in to the Unity Connection CLI using PuTTY or any other SSH client
  • Run the command "show version active"
  • If you are running a version lower than those mentioned above, download a supported release from Cisco and upgrade before continuing.

Create Service Account

Refer to my earlier post on configuring Unified Messaging with basic authentication for the steps to create a service account with the Application Impersonation role. The same account is reused in OAuth 2.0 mode, so keep it to least privilege: it needs no admin roles, and the impersonation role assignment can be scoped (for example with a custom recipient write scope) to just the mailboxes that Unified Messaging serves rather than the whole organization.

Register an Application in Microsoft Azure

To use the OAuth2 web authentication mode, you must create and register an application in the Microsoft Azure portal that corresponds to the Unified Messaging service. Follow the steps below:

  • Sign in to the Azure portal with an account that has administrator privileges
  • Select Azure Active Directory (now called Microsoft Entra ID).
  • In the Azure Active Directory window, select App registrations and create a new application using New registration.
  • After the application is registered, note the Application (Client) ID and the Directory (tenant) ID; both are needed to configure Unified Messaging.
  • Select Certificates & secrets and create a new client secret. Its value is used to configure Unified Messaging.
  • Copy the client secret value at the time of creation; it is not shown again, and otherwise you have to create a new client secret for the application. Also note the expiry date you chose: client secrets expire, and Unified Messaging stops authenticating when the secret does, so plan to rotate it (create a new secret, update Unity Connection, then delete the old one) before that date.
  • Select API permissions > Add a permission > APIs my organization uses. Enter Office 365 Exchange Online in the search bar and select it.
  • Click Delegated permissions
  • Add the following permissions to your application:
  • If the Access Exchange Calendar and Contacts service capability is enabled in the Unified Messaging service, also add the following permissions to your application:
  • In the API permissions window, select Grant admin consent for <your tenant name> (the button shows your organization's name) so that the requested permissions are consented to tenant-wide. Without this step the permissions show as "Not granted" and token requests succeed without the needed scope.
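Before entering these values in Unity Connection, it is worth confirming that the registration, the secret and the admin consent actually produce a token that Exchange Online will accept. The Python below is an added example (it is not Cisco's or Microsoft's code and is not part of the original post). It assumes that in OAuth 2 mode Unity Connection redeems the service account's username and password, together with the Application (Client) ID, Client Secret and Directory ID, through the resource-owner password credentials (ROPC) grant at the Azure AD v2.0 token endpoint, requesting the delegated EWS.AccessAsUser.All scope on https://outlook.office365.com. The GUIDs, the service account name and the error body used in the demo are constructed.

```python
"""Sanity-check an Azure app registration for Unity Connection Unified Messaging.

Added example, not Cisco's or Microsoft's code. Assumption: in OAuth 2 mode,
Unity Connection redeems the Unified Messaging service account's username and
password together with the Application (Client) ID, Client Secret and
Directory ID via the resource-owner password credentials (ROPC) grant at the
Azure AD v2.0 token endpoint, asking for the delegated EWS scope on Exchange
Online. All GUIDs, names and responses used in the demo are constructed.
"""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
EWS_RESOURCE = "https://outlook.office365.com"    # resource Exchange Online tokens are issued for
EWS_SCOPE = "EWS.AccessAsUser.All"                 # delegated EWS permission
# Exchange Online tokens carry either the resource URI or the Exchange Online app ID as audience
EWS_AUDIENCES = {EWS_RESOURCE, "00000002-0000-0ff1-ce00-000000000000"}


def build_token_request(tenant_id, client_id, client_secret, username, password):
    """Return (url, form) for the ROPC token request; nothing is sent here."""
    url = TOKEN_ENDPOINT.format(tenant=tenant_id)
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "scope": f"{EWS_RESOURCE}/{EWS_SCOPE}",
    }
    return url, form


def request_token(tenant_id, client_id, client_secret, username, password):
    """POST the request to Azure AD (network call) and return the JSON body.
    Azure AD answers failures with HTTP 400/401 and a JSON body that carries
    the AADSTS code needed for troubleshooting, so that body is returned too."""
    url, form = build_token_request(tenant_id, client_id, client_secret, username, password)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)


def parse_token_response(body):
    """Return (access_token, None) on success or (None, 'AADSTSnnnnn: ...') on failure."""
    if "access_token" in body:
        return body["access_token"], None
    return None, body.get("error_description") or body.get("error", json.dumps(body))


def decode_jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature: this only inspects
    what Azure AD issued; Exchange Online is the party that validates the token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the token looks usable for EWS."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") not in EWS_AUDIENCES:
        problems.append(f"aud is {claims.get('aud')!r}, not an Exchange Online audience")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Directory ID")
    if (claims.get("appid") or claims.get("azp")) != client_id:
        problems.append("appid does not match the Application (Client) ID")
    if EWS_SCOPE not in claims.get("scp", "").split():
        problems.append(f"scp lacks {EWS_SCOPE}: permission not added or admin consent not granted")
    if claims.get("exp", 0) <= now:
        problems.append("token already expired")
    return problems


def make_unsigned_jwt(claims):
    """Build a constructed, unsigned JWT so the checks can be exercised offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-00000000aaaa"      # constructed Directory ID
    app = "11111111-1111-1111-1111-11111111bbbb"         # constructed Application ID
    good = {"aud": EWS_RESOURCE, "tid": tenant, "appid": app,
            "scp": EWS_SCOPE, "exp": int(time.time()) + 3600}
    print(check_claims(decode_jwt_claims(make_unsigned_jwt(good)), tenant, app))
    print(check_claims(decode_jwt_claims(make_unsigned_jwt(dict(good, scp=""))), tenant, app))
    # constructed Azure AD error body; AADSTS50126 is the code a wrong service account password yields
    print(parse_token_response({"error": "invalid_grant",
                                "error_description": "AADSTS50126: Error validating credentials"}))
```

Run request_token with real values, then pass the body to parse_token_response and check_claims. An AADSTS error tells you the problem is on the Azure side (wrong secret, wrong tenant, bad service account password); a token whose scp claim lacks EWS.AccessAsUser.All means the permission was added but admin consent was never granted, and a token with the wrong tid or appid means the IDs were copied from a different registration or tenant. Two caveats follow from the ROPC assumption: the service account cannot be subject to MFA or a Conditional Access policy that requires it, because the password grant cannot complete an MFA challenge, and the access token is a bearer credential, so treat it like the service account password and keep it out of shared logs.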

Configure Unity Connection

  • Log in to the Cisco Unity Connection Administration page
  • Navigate to Unified Messaging > Unified Messaging Services and select Add New
  • On the New Unified Messaging Service page, select OAuth 2 as the Web-Authentication Mode for Office 365. Enter the Application (Client) ID, Client Secret and Directory ID from the application you registered in the Azure portal.
  • Select Save
  • Search for your Unity Connection user
  • Navigate to the Unified Messaging menu option
  • Add the Unified Messaging service account created above
  • Click Test Connection and make sure you get a Success message for access to the user's Outlook mailbox.

That is it: your Unified Messaging is now configured to use OAuth 2.0. I will follow up with another document on troubleshooting tips.

Please share your comments, feedback or any questions about this configuration, and let me know of other topics you would like to see in future.

2 responses to “How to configure Unified Messaging for Cisco Unity Connection with OAuth 2.0”

  1. I’ve verified all the settings above. I don’t have access to the Azure server so I have to rely on the O365 gods to set that side up, their sense of power I guess. They sent me the info to change to OAuth2. When I test the service, the first error I get is “failed to locate Domain Controller via DNS”. The next one is “failed to connect to Exchange CAS server at (https://outlook.office365.com/autodiscover/autodiscover.xml)”. It does this several times, then “could not find an exchange cas server via auto discover dns SRV record” and finally “failed to locate an exchange cas server. Connection will not be able to locate exchange subscriber”.

    I suspect there is something blocking on our firewall but I can’t find out what, or I’m totally lost in what I’m doing. Any suggestions on how to fix this would be appreciated.

  2. Hey Mark, there are a few points that we can check here.
    1. When you click Test under Unified Messaging -> Unified Messaging Service -> select your service account, does it show success?
    2. What username / password is used under the “Account Used to Access Exchange” section? Is it the service account created in AD with the Application Impersonation role?
    3. What is configured under “Active Directory DNS Domain Name*”?
    4. Can you verify the Application (Client) ID*, Client Secret* and Directory ID* values with your Azure / Office 365 team?
    I hope this will be helpful.