Luware Knowledge

Portal Admin Release Notes
Home Nimbus Administration Tenant Administration

Extensions Tenant Settings

Configure behavior of Nimbus UI Extensions and Apps

🔍 Here you can configure all additional Nimbus extensions and separately enabled Nimbus Features.

💡 Note that certain extensions may be configured but will not take effect until the licenses for your users (User Administration) and services (Service Administration) are applied.

Outbound

Option / Element Description
Max Scheduled Outbound Tasks per service

Limits the maximum outbound tasks per service that can be simultaneously scheduled / in progress

Default 20 / Min 1 / Max 50

 

🔍 Note: Outbound Tasks – same as inbound tasks – are distributed among available Nimbus users and shown in the Personal Dashboards > in the "Service Outbound Tasks Tabular" widget. Tasks are scheduled using the Microsoft Power Automate Connector > Flow Actions. Once the limit is reached, a flow error is returned and the task will be discarded.

Interact

Configures options for Interact, an optional feature of Nimbus. If you want to learn more head over to our Luware Solutions page.

Option / Element Description
Interact enabled

The global setting which activates Interact for Nimbus

  • When enabled, the calls in Interact will reach an agent in Teams.
  • When disabled, the calls in Interact will not reach an agent, even if the tenant is configured for Interact calls.

🔍 Enabling this requires you to fill in an ACS connection string. Refer to our Use Case - Setting up Interact which explains setup steps in detail.
ACS connection string

Connection string for Azure Communication Services. Required to use Interact

🔍 Learn how to generate this string via the Microsoft Documentation .

✅ "Check"- performs a check if it's possible to create a token for the user using this string. If the connection fails (with a correct string) it most likely means there are insufficient permissions.
O365 UserID ID of the user on behalf of whom meetings on the backend will be created.
Widget Key

Random guide generated for the Tenant. The key is sent with each request to the backend and checks the validity of the widget, depending on which it either allows or rejects the request for the backend.

  • "Copy" - copies the guide value for (future) use in a web client.
  • "Refresh" - updates the guide with a new one.
Session recovery timeout in seconds

Time in seconds before a closed session is ended permanently. 

Default: 20; Min: 5; Max: 60.

KNOWN ISSUE Currently the timeout behavior is different between a direct (to Agent) conversation and a Service-distributed conversation:

  • On a direct conversation: A session timeout starts when the customer leaves the conversation. When an agents leaves an ongoing conversation, they are re-invited if the customer rejoins within the timelimit.
  • On a service conversation: The session is only restored when the agent remains in the conversation. When the agent leaves, a new session is started (including a complete re-execution of the IM workflow).
Authorization

Determine if a session requires further authentication:

  • None (default) - when set, the token is not verified. 
  • Verify Token - when set, verifies the validity of the token. The error will occur if the token is expired or invalid.
  • Verify Token & Tenant - when set, verifies the validity of the token and that it belongs to a certain tenant.

Learn how to set up authorization...

Use Case - Enabling additional authorization for Interact

In this use case, we're going to describe how you can set up an access token to be used for Interact.

🔍 This use case is optional in case you want to verify user access additionally via tokens in your Tenant Administration > Interact settings.

Steps below refer directly on the Daemon application MSFT help article and the subchapters. 

 

Create an Azure Application

  • Add a new app under app registrations in the Azure Portal
  • Preferably a single tenant application
  • No reply-URL needed for the client-credential flow (standard OAuth 2.0 client credentials grant)

🔍 Refer to: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration

Generate Secret/Certificate

  • Generate a secret or certificate which will be used as the applications credentials

🔍 From https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration

To add credentials to your confidential client application's app registration, follow the steps in Quickstart: Register an application with the Microsoft identity platform for the type of credential you want to add:

Create own Daemon App with .NET/Java/Node/Python

  • Based on the language instantiate the confidential client application with the client secret or the certificate

🔍 Refer to the table on https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-configuration?tabs=dotnet

Acquire a token and pass it to the SDK

  • Based on the language instantiate the confidential client application with the client secret or the certificate

🔍 Refer to: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-acquire-token?tabs=dotnet

 
 

Assistant

Configures options for Assistant, an optional feature of Nimbus.

Option / Element Description
Use your own ACS Instance

Toggle. Enable when you have your own Azure Communication Services instance.

🔍 Enabling this requires you to fill in an ACS connection string. Refer to Use Case - Setting up Assistant which explains the setup steps in detail.
ACS connection string

Connection string for Azure Communication Services. Required to use Assistant with your own ACS instance.

🔍 Learn how to generate this string via the Microsoft Documentation .

💡 Once a string is entered a "Check" option verifies if it's possible to create a token for the user using this string. If the connection fails (with a correct string) it most likely means there are insufficient permissions.

Attendant Console

Allows to configure an MS Graph Filter that automatically limits the search used in Attendant Console

Option / Element Description
Global Contact Search MS Graph Filter

Uses the MS Graph REST API to filter1 users according to your tenant admin account permissions. This filter will be applied to the O365 like Attendant Console to provide internal Nimbus users a narrowed-down pool of search results. 💡 By default this filter (textbox) is empty, allowing users to perform a search on your entire tenant.

 See: https://docs.microsoft.com/en-us/graph/api/overview

☝ Please note that this field requires only parameters for the "filter" field of a MS graph query, not the whole API request URL. Keep this in mind when using MS Graph Explorer to test, copy & paste your updated filter parameters.

💡 End-users will not see this filter in the frontend UI, but will have search results narrowed down accordingly.

🔍 Refer to our Use Case - Filtering Attendant contact search via MS Graph.

Example filter for users within domain and preferred language:

endsWith(userPrincipalName,'onmicrosoft.com') and preferredLanguage eq 'en-GB'
 

NOTES AND KNOWN LIMITATIONS

KNOWN LIMITATION The filter will be applied to all O365 accounts, including those of Nimbus Services! Overly strict filters may limit the Nimbus users' capability to forward calls via search.

  • This text field does not perform validity checks for correct syntax. → Please refer to the official MS Graph REST API documentation for details.
  • Nimbus combines both visible and backend filters with an 'AND' clause. When a frontend user (e.g. via Attendant Console) searches within the same fields as defined in your query there can be a clash. 
  • Depending on the field(s), on which the filter is applied, additional permissions might be required for Nimbus to make a query on your behalf. Without these permissions, search functions in Attendant Console might not work at all.
  • If the filter query is broken for any reason (e.g. missing permissions, typos, syntax) the search in any Frontend may not show any results at all.
 
Team Visibility in Attendant Console

The Attendant Console search allows to forward calls to Nimbus teams and services. To avoid bypassing queues of services, the visibility of team members can be hidden.

  • Do not show any members - Only limits the search to Nimbus services and their overall availability. No individual team members are shown.
  • Shown own members - will only show available team members of Nimbus services that the Attendant user themself is a part of.
  • Show all members - will show the availability of all team members of any Nimbus service.

Presence Tracking

"Presence Tracking" allows Nimbus to make smarter routing decisions by determining if your users are already in a Teams call (non-Nimbus). Please note that a few steps are required on your Microsoft Tenant for this feature to work. Read the instructions below carefully and contact Support in case you need assistance. 

Track Presence over Guest Accounts

Allows you to use two Luware-provided guest accounts which enable Nimbus to poll the extended presence status on all users within your Tenant.

🔍 Also see related Microsoft Documentation: User Presence States in Teams .

☝ If you want to keep using "Presence Privacy mode" on your Tenant you need these guest account. Otherwise Nimbus cannot route anything.

🤔 Why is this necessary?

Without a guest presence account, Nimbus can only retrieve a simplified presence status such as "Busy" "Away" or "Available" for your users. For extended status presence such as " Busy → In a Call " or " Busy → In a Conference " these presence accounts are required to improve call routing. When activating the presence tracking feature, call handling is handled according to the MS Teams status as follows:

Calls are delivered while Calls are NOT delivered while

Available

Busy*

Busy in a Meeting*

  • Away*
  • Busy in a call
  • in DND (Do Not Disturb)
  • Offline

*Only when Distribution Service Settings are set accordingly within the individual Service.

With extended presence enabled, Nimbus can now distinguish a "Busy" status and plan/avoid call distribution accordingly.

KNOWN LIMITATION For "Away" and "BRB" states the "In a Call" extended status is not returned by Microsoft. W hen any of these status were manually set by users, Nimbus doesn't have additional information whether or the user is already in a call and will follow the plain "Away" status as defined in Distribution Service Settings to route the calls. → As this is a Microsoft-limitation we cannot provide a fix or workaround for this at the moment.
Grant Permission (Copy to Clipboard)
✅ An auto-generated link that you (as Tenant Admin) need to paste into your browser. → Grants the delegated permissions listed below to the Nimbus App. The Azure guest accounts use these to read presence on all users on your tenant.
💡 You can do this step regardless of the Presence Account 1&2 field contents. The permissions will remain even if the guest users change.
Extended permissions are:
  • Presence.Read.All
  • User.Read
  • User.ReadBasic.All

🤔 What are these Permissions used for? Nimbus uses these extended permissions to enable presence-based features, primarily for targeted call distribution and updating availability in the frontend UI. Also read → Track Presence over Guest Accounts above.

✅ To test these permissions y ou need to invite at least one presence account. → See "Presence Account 1&2" and → "Test UPN" below for further details.
Presence Account 1&2

Used for extended presence status tracking on your tenant. Account 2 acts as (temporary) fallback when account 1 does not work for any reason.

🔍 These guest accounts require extended permissions → see "Grant Permission" above.

Click here to learn how to set up Presence Accounts

Use Case - Tracking extended user presence via Azure guest accounts

In this use case, we explain how to track extended user presence. For this you need to invite Nimbus Guest Users to your tenant.

PRECONDITIONS

  • Nimbus Installation is complete and at least one Service is provisioned on your tenant.
  • In extension you should know about the Distribution Service Settings, accessible to you if you are Team Owner or Tenant Admin. 💡 These settings define when service calls are distributed to the users (team members) based on their MS Teams status (Away, DND, etc). More on this will explained below.
  • You require Tenant Administrators rights to access the Nimbus Tenant Administration > "Presence Tracking" section.
    • You also need Tenant Admin credentials to invite guest users within your Azure Portal.
 

🤔 What is extended user presence and why guest accounts?

For an extended status presence such as "Busy → In a Call" or "Busy → In a Conference", these presence accounts are required to improve call routing. Without having guest users on your Tenant as means to check, Nimbus cannot see any extended user presence status.

🤔 What happens after this setting is active?

When activating the presence tracking feature, call handling is handled according to the MS Teams status as follows:

Calls are delivered while Calls are NOT delivered while

Available

Busy*

Busy in a Meeting*

  • Away*
  • Busy in a call
  • in DND (Do Not Disturb)
  • Offline

💡 Note that Nimbus will adhere to Distribution Service Settings, so ensure to check there if your calls are not delivered as expected. 
💡 Note that Nimbus can still forward calls when you are in the middle of doing an outbound calls via Teams, as your presence status will only change when you are in an established call.

🔍 Also refer to the related Microsoft Documentation: User Presence States in Teams.

Guest User Details

✅ Before you can use the extended presence feature you need to invite two guests users to your tenant. The steps are described below.

  1. Within the Nimbus UI > Tenant Administration > head to the "Presence Tracking" section
  2. Take note and mouse over the "Presence Account 1 & 2" user mail addresses to see their details. 
    💡 These accounts are individual to your Nimbus cluster. Examples below have been blurred to prevent mistakes.
  3. Make sure to copy your individual presence account name, including the @ domain ending. The account details will be used in a step below. 
    Screenshot showing two individual presence accounts

Invite Guest Users

INC Invite Azure Guest Accounts

  1.  As Tenant Admin, log into your Azure Portal.
  2. Go to Users > New Users and select “Invite external User”.
     
  3. Invite both guest users 1&2 on your tenant. Add each of the previously copied email addresses (e.g. svr_nimbus_guest@onmicrosoft.com) and click Invite.
    ⮑ A standard Azure invite mail will be sent out to Luware.

    ☝ Note that MFA (Multi Factor Authentication) needs to be disabled for these users. Otherwise this feature will not work as the guest users cannot sign into your tenant.
  4. Let your Customer Success Specialist know that the guest users have been invited.
  5. Please wait while steps are done in the background:
    1. Luware cloud operations team must accept the guest invitations. Please allow for some time for this to happen.
    2. Once successful, the "Account is not added as guest" message should disappear on your side in the Nimbus admin UI.
    3. If this is not the case, please get in contact with the Luware support.

Grant Delegated Permissions

💡 This step can be done in parallel to the previous steps. Once granted, either of the presence accounts will make use of these permissions and no further actions are required on your side.

Copy & paste URL from the "Grant Permissions" area into your browser. This link must be opened by logged-in a Tenant Administrator in order to work.

🤔 Which permissions are granted to these users? Refer to Nimbus Required App Permissions > "Presence Tracking"

Results:

  • Once granted, the "Permission is not granted" note should disappear in the admin UI.
  • You can now enable the "Track Presence Over Guest account" feature and test the status tracking via the "Test UPN" field.

Adjust Your Service Settings

💡 With all previous "track presence" steps successfully performed, Nimbus is now able to distinguish between busy states.

✅  We recommend to check your Service Settings > Distribution > Conversations Distribution tab and have converations "Distributed to the user" even while busy. Nimbus will automatically detect if an existing Nimbus service call is already handled by that user and re-route incoming calls accordingly.

Secure Workaround for MFA

INC Secure Workaround for MFA

In some cases Nimbus will require you to invite Guest Accounts to support extended features on your Tenant. We realize that not using MFA for presence accounts is a big limitation. If your IT policy mandates MFA on all accounts, there is a workaround that whitelists IP ranges. To circumvent this problem you can use the following workaround:

  • Add trusted Locations with the Nimbus Server IP Addresses (Switzerland)
  • Add a conditional access policy to limit the access to the given trusted location.

Learn more…

Add Trusted Location

  1. Go to Named locations within Azure Portal (https://portal.azure.com)
  2. Add a new IP ranges location
  3. Enter a Name and add the IP addresses for the location and check the Mark as trusted location option
  4. Add all IP addresses for the location (see table below)

    and click on Create

Add a conditional access policy

  1. Go to the Azure portal (https://portal.azure.com)
  2. Switch to Conditional Access and select Policies
  3. Select an existing you want to change or create a new policy and configure the Condition section to add your trusted location as excluded from the MFA policy

Nimbus Cluster IPs

Switzerland 01 20.250.90.136 20.250.90.30 20.250.90.31
Switzerland 02 20.250.216.126 4.226.25.247 4.226.26.8
Germany 01 20.52.208.117 20.52.209.237 20.52.208.209
Germany 02 98.67.132.41 98.67.132.74 98.67.132.61
United Kingdom 01 20.49.226.86 20.49.226.93 20.49.226.126
Nimbus Cluster IPs provided by Microsoft (Status 27/02/2024):

Caution: These IPs are configured by Microsoft and can be changed without prior notice.

 
 
 

Troubleshooting

Error  Description Solution

Unknown Error (XX0000) 

Enhanced Presence has been enabled, Guest Accounts have been added, Permissions have been approved, Multi-Factor Authentication has been disabled for the Guest Accounts.

However, the following error message appears when trying to check the status of users: 

Solution A: Change global collaboration settings

  1. Head to In Azure Portal > Users > User Settings > External Users > Manage External Collaboration Settings.
  2. Set the "Guest User Access Restrictions" to either "Most inclusive" or "Limited access" 

This is a global setting and applies to all (future) guest accounts. If you do not want to change this, consider solution B below.

 
 
 

Solution B: Change individual user role assignment

Since the External Collaboration Settings are a global setting, you may not want to relax these rules just for one application. Instead you can just assign a special role to the guest accounts.

  1. Head to In Azure Portal > Users > Nimbus Guest Account > Assigned roles > Add assignments.
  2. In the "Membership" Tab, assign the "Directory Readers" role to the Luware Guest Account(s).
  3. In the "Settings" Tab, ensure the assignment is "Active" and "Permanently assigned"
 
 

After the setting is changed, it may take up to an hour for the Nimbus Enterprise App to properly read the users' presence data.

 
 
 
Test UPN

✅ We highly recommend to live-test the new presence accounts 1&2 individually and check different users on your Tenant to see if the extended presence status updates correctly. 

💡 The extended presence status should be shown / updated immediately. If you encounter problems with this or see an error message, please get in touch with your Nimbus customer success / onboarding contact.

Related Articles

Tenant Administration

The Nimbus Tenant view allows to assign security groups, change tenant details an...

Use Case - Tracking Extended User Presence via Azure Guest Accounts

In this use case, we explain how to track extended user presence. For this you ne...

Service Settings

BEFORE YOU ACCESS SETTINGS     Service settings are available to service (team) o...

Extensions Service Settings

In Extensions Service Settings, you can manage extension Nimbus Features such as ...

Table of Contents