Skip to main content

Integration: Innovaphone

The following describes how to integrate OpenTalk seamlessly into the Innovaphone myApps/PBX. The PBX must be available in at least version 137781.

You also need an existing OpenTalk installation, a description of how to install OpenTalk on premise can be found here: https://gitlab.opencode.de/opentalk/ot-setup

OAuth2 basic settings

Navigate within myApps as follows: Devices > PBX > Config > Authentication

  • Select the Authentication type: PBX and OAuth2
  • Set an OAuth2 provider name, e.g: Innovaphone auth. with OpenTalk
  • Set the OAuth2 domain, or the URL to your OpenTalk installation: opentalk.yourdomain.com
Innovaphone PBX

Activate and set up OAuth2

Navigate within myApps as follows Devices > Services > OAuth2 > Config.

The OpenID known configuration URL is always made up of the domain for the keycloak and the realm name. So please replace the above part accounts.opentalk.yourdomain.com with your own keycloak domain. The realm name above is the realm you have configured in Keycloak. If we assume that the Keycloak installation is based on the provided OpenSource installation (https://gitlab.opencode.de/opentalk/ot-setup) and no changes have been made to the realm, the realm name is opentalk.

Tip: The OpenID known configuration URL can be tested by calling it in a browser, if successful a JSON is returned confirming the correct URL for the known configuration.

Innovaphone OAuth2.

Verify OAuth2 configuration

Navigate within myApps as follows: Devices > Services > OAuth2 > State

You have the option to check the configuration from the previous steps independently, if all parameters have been set correctly, the test result should be as follows:

Verify OAuth2 configuration

Innovaphone LDAP and Keycloak User Federation

Navigate within myApps as follows: Devices > Services > LDAP > Server

  • Set an LDAP user that is used within Keycloak as a service user for LDAP queries
  • Activate the Force TLS option in any case

First select the correct realm in Keycloak, do not edit the master realm in this context. Select "opentalk" or the realm you have created.

Navigate within the Keycloak as follows: User federation > Add new provider > LDAP Connection URL: ldaps://pbx.yourdomain.com:636 Use Truststore SPI: Only for ldaps ** Bind type: simple

The other settings and options under LDAP searching and updating depend heavily on the type of use of the Keycloak LDAP connection, e.g. should the user creation be realized via Keycloak or should everything be managed centrally via Innovaphone.

This must be decided and set up depending on the use case.