How to configure Unified Messaging for Cisco Unity Connection with OAuth 2.0

I had explained in this blog about how to configure Unified Messaging feature of Cisco Unity Connection with Application Impersonation role assigned to a Service Account. This method was explained using basic authentication method of Office 365; however, as Cisco has deprecated basic authentication, we have to update our configuration to support OAuth 2.0.

If you are using basic authentication and Microsoft has stopped supporting basic authentication on your tenant, you will receive below error when you Test your connection with Unified Messaging:


Please make sure you have below pre-requisites in place before starting configuration:

  1. Correct Unity Connection Version
  2. Service Account in AD/ Office 365
  3. Register an Application in Microsoft Azure Administration Portal

Let’s look at these pre-requisites in more details.

Verify Unity Connection version

First we have to verify Unity Connection version to make sure it can support OAuth 2.0 as older versions do not have OAuth 2.0 functionality enabled. As per available information on Cisco documents, Unity Connection version 11.5SU8 and above or 12.5SU2 and above support OAuth 2.0 configuration.

Please refer below procedure to check your Cisco Unity Connection version:

  • Login to Unity Connection CLI using Putty or any other SSH client
  • Run “show version active” command
  • If you are running any lower version of CUC 11.5 then above mentioned, then you can download latest version from here.

Create Service Account

Please refer my blog about configuring Unified Messaging with basic authentication to follow the steps about how to create a Service Account with application impersonation role.

Register an Application in Microsoft Azure

For using OAuth2 web authentication mode, you must create and register an application on Microsoft Azure portal corresponding to the Unified Messaging Service. Please follow below steps:

  • Sing in to Azure Portal using Administrator privilege
  • Select Azure Active Directory.
  • On Azure Active Directory window, select App registrations and create a new application using New registration field.
  • After successfully registering the application, you get the values of Application (Client) ID and Directory ID that are used for configuring Unified Messaging.
  • Select Certificates & secrets and create a new Client Secret that provides a Client Secret value, used for configuring Unified Messaging.
  • Make sure to copy the value of Client secret at the time of creation otherwise you have to create a new Client Secret for the application.
  • Select API permissions > Add a permission > APIs my organization uses. Enter Office 365 Exchange Online in search bar and select it.
  • Click Delegated permissions
  • Add below permissions in your application:
  • If Access Exchange Calendar and Contacts Service Capability is enabled in Unified Messaging Service, then you should also add below permissions in your application:
  • On API permissions window, select Grant admin consent for Cisco Systems to provide grant admin consent for the requested permissions.

Configure Unity Connection

  • Login to Cisco Unity Connection Administration page
  • Navigate to Unified Messaging > Unified Messaging Services and select Add New
  • On New Unified Messaging Service page, select OAuth 2 as Web-Authentication Mode for Office 365. Enter the Application ID, Client Secret and Directory ID that you have created on Azure portal.
  • Select Save
  • Search for your Unity Connection user
  • Navigate to Unified Messaging menu option
  • Add above created Unified Messaging Service account
  • Click on Test Connection and make sure you get Success message for accessing user’s outlook account.

So this is it!! Your Unified Messaging is now configured to use OAuth 2.0. I will be following up with another document for troubleshooting tips.

Please share your comments/feedback or any questions regarding this configuration. Let me know any other topics that you may like to see in future.

2 responses to “How to configure Unified Messaging for Cisco Unity Connection with OAuth 2.0”

  1. I’ve verified all settings above. I don’t have access to the azure server so I have to rely on the o365 gods to set that side up, there since of power I guess. They sent me the info to change to oauth2. When I text the service is working the first error I get is “failed to locate Domain Controller via DNS”. The next one is “failed to connect to Exchange CAS server at (”. It does this several times then “could not find an exchange cas server via auto discover dns Sri record” and finally “failed to locate an exchange cas server. Connection will not be able to locate exchange subscriber”

    I suspect there is something blocking on our firewall but can’t find out what, or I’m totally lost in what I’m doing. Any suggestions on how to fix would be appreciated.

  2. Hey Mark.. There are few points that we can check here.
    1. When you click on Test under Unified Messaging -> Unified Messaging Service -> select your service account, then does it show successful ?
    2. What is username / password used under “Account Used to Access Exchange” section ? Is it Service account created on AD with Application Impersonation role ?
    3. What is configured under “Active Directory DNS Domain Name*” ?
    4. Can you verify Application (Client) ID* , Client Secret* and Directory ID* values with your Azure / Office 365 team ?
    I hope this will be helpful.