Configuring MS Teams for Interact
Overview
You will need to do the following activities:
- Create a new Enterprise application within Azure Portal
- Configure Interact for Teams authentication
Azure Settings
Create a new Enterprise application within Azure with the following settings.
Navigate to overview/app registrations & click create new registration.
Enter application name, this can be anything suitable for the application.
Select single-tenant account types, to ensure only accounts within your organisation can use the teams application.
The page must be set up as a single page application
In the section titled "Redirect URI (Optional)"
- Select single-page application (SPA)
- Enter value
https://{Your Site Address}/MicrosoftTeams/Display
Click Register

Authentication
- Navigate to the authentication tab
- Enable Access Tokens & ID tokens.

Expose an API
Set up the following scopes & authorised client applications for the Teams API to access user details.
-
Application ID URI :
api://{WebsiteUrl}/5e3ce6c0-2b1f-4285-8d4b-75ee78787346
This is the authorised client Id for Microsoft Teams which will be added below. -
Scope :
access_as_user
This scope is utilised by the Teams Authentication Library, must be in this exact format. (see below image) -
Authorized client applications
1fec8e78-bce4-4aaf-ab1b-5451cc387264
5e3ce6c0-2b1f-4285-8d4b-75ee78787346
- These client Id’s are the Teams Desktop & mobile / Web application identifiers and used for the Teams Authentication Library to communicate with this app registration.


Add scope settings
Api Permissions
Add the following permission: access_as_user
which will have become available since adding it as a scope in the previous section. This scope is utilised by the Microsoft Teams Authentication Library, therefore required to access the user from the Teams client.
- Click Add Permission
- My APIs tab
- Click on the New Created Application name
- Tick the access_as_user Checkbox
- Add permissions

Configuring Interact for Teams MSAL Settings
The settings required for Teams authentication are found at
Application Settings > Control Panel > Manage Security > Manage MSAL Authentication

A new Teams configuration can be set here to allow a Teams user to authenticate silently against their intranet and load it up as an integrated Teams App within Teams Desktop/Mobile/Web app as below. The application title will match the name configured for the integration.

Title: Can be any relevant name for the application. This will be used as the name of the application within Teams.
-
Description: Will also populate the Teams application description.
Application ID is the Client ID of the application. We are integrating into Teams which has the following 2 Client IDs:1fec8e78-bce4-4aaf-ab1b-5451cc387264
← Team Mobile/Desktop app5e3ce6c0-2b1f-4285-8d4b-75ee78787346
← Teams Web app
-
Directory Tenant ID is the Tenant ID can be found in the Azure App registration
-
Application ID URI: Can be found on the overview page of the azure app registration. It is uses the following format:
api://{Site domain}/5e3ce6c0-2b1f-4285-8d4b-75ee78787346
-
Scope: Must be access_as_user as this is the scope used by Microsoft Teams.
-
Redirect URI: This is the location of the Teams Application view. It can be found at:
https://{site domain}/microsoftTeams/Display

Once complete, save, then reopen the edit page (click the 3 dots). There should now be a "Generate Manifest" button. Click to generate a manifest for Microsoft Teams Integration. Follow the next phase of set up which can be found here: Generate Manifest]
Once those steps are complete, please contact our Technical Support team, who will perform one final step before making your intranet available in the Teams App.
Updated about 1 month ago