Configuring MS Teams for Interact

Overview

You will need to do the following activities:

  • Create a new Enterprise application within Azure Portal
  • Configure Interact for Teams authentication

Azure Settings

Create a new Enterprise application within Azure with the following settings.

Navigate to overview/app registrations & click create new registration.

Enter application name, this can be anything suitable for the application.

Select single-tenant account types, to ensure only accounts within your organisation can use the teams application.

The page must be set up as a single page application
In the section titled "Redirect URI (Optional)"

  • Select single-page application (SPA)
  • Enter value https://{Your Site Address}/MicrosoftTeams/Display

Click Register

1042

Authentication

  • Navigate to the authentication tab
  • Enable Access Tokens & ID tokens.
975

Expose an API

Set up the following scopes & authorised client applications for the Teams API to access user details.

  • Application ID URI : api://{WebsiteUrl}/5e3ce6c0-2b1f-4285-8d4b-75ee78787346
    This is the authorised client Id for Microsoft Teams which will be added below.

  • Scope : access_as_user
    This scope is utilised by the Teams Authentication Library, must be in this exact format. (see below image)

  • Authorized client applications

    • 1fec8e78-bce4-4aaf-ab1b-5451cc387264
    • 5e3ce6c0-2b1f-4285-8d4b-75ee78787346
    • These client Id’s are the Teams Desktop & mobile / Web application identifiers and used for the Teams Authentication Library to communicate with this app registration.
1264
559

Add scope settings

Api Permissions

Add the following permission: access_as_user which will have become available since adding it as a scope in the previous section. This scope is utilised by the Microsoft Teams Authentication Library, therefore required to access the user from the Teams client.

  • Click Add Permission
  • My APIs tab
  • Click on the New Created Application name
  • Tick the access_as_user Checkbox
  • Add permissions
1572

Configuring Interact for Teams MSAL Settings

The settings required for Teams authentication are found at
Application Settings > Control Panel > Manage Security > Manage MSAL Authentication

752

A new Teams configuration can be set here to allow a Teams user to authenticate silently against their intranet and load it up as an integrated Teams App within Teams Desktop/Mobile/Web app as below. The application title will match the name configured for the integration.

1011

Title: Can be any relevant name for the application. This will be used as the name of the application within Teams.

  • Description: Will also populate the Teams application description.
    Application ID is the Client ID of the application. We are integrating into Teams which has the following 2 Client IDs:

    • 1fec8e78-bce4-4aaf-ab1b-5451cc387264 ← Team Mobile/Desktop app
    • 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 ← Teams Web app
  • Directory Tenant ID is the Tenant ID can be found in the Azure App registration

  • Application ID URI: Can be found on the overview page of the azure app registration. It is uses the following format:

    • api://{Site domain}/5e3ce6c0-2b1f-4285-8d4b-75ee78787346
  • Scope: Must be access_as_user as this is the scope used by Microsoft Teams.

  • Redirect URI: This is the location of the Teams Application view. It can be found at:

    • https://{site domain}/microsoftTeams/Display
521

Once complete, save, then reopen the edit page (click the 3 dots). There should now be a "Generate Manifest" button. Click to generate a manifest for Microsoft Teams Integration. Follow the next phase of set up which can be found here: Generate Manifest]

Once those steps are complete, please contact our Technical Support team, who will perform one final step before making your intranet available in the Teams App.