Creating a Teams App and app configuration

In order to use Microsoft Teams, an app needs to be created to allow access to Microsoft Teams.

 

Prerequisites

  • Your company must have Azure
  • The user account that creates the app must be present in the Azure AD directory of your company and have the rights to create apps (this is possible by default unless limited by an admin)
  • A global admin will have to go to an admin consent URL in order to allow accounts of this Azure AD directory to use it, since Teams requires permissions normally reserved for admins. By consenting, a global admin allows regular users to have these permissions in the app.

 

Guide

This Azure application can be used by both the Snapper and the Web Extension Window to authenticate Agents and provide them a full-featured experience.

 

  1. Navigate to https://portal.azure.com

  2. Select ‘Azure Active Directory’

  3. From here collect your tenant domain for later use (e.g. domain.com or domain.onmicrosoft.com)

  4. Select ‘App registrations’

  5. Click ‘New Registration’

    1. Give the application a name (e.g. A365-Azure-Application)

    2. Under ‘Supported account types’ select ‘Accounts in any organizational directory’

    3. Add the following redirect URI

      Type: Web

      Redirect URI: http://localhost:4200

  6. Click ‘Register’

  7. Select ‘Authentication’

    1. Add the following redirect URIs

      1. Type: Web

        Redirect URI: https://<external-facing-fqdn-A365-server>/wew/

      2. Type: Web

        Redirect URI: https://<external-facing-fqdn-A365-server>/wew

      3. Type: Web

        Redirect URI: https://<external-facing-fqdn-A365-server>/wew/tab-auth/silent-end

      4. Type: Public client (mobile & desktop)

        Redirect URI: urn:ietf:wg:oauth:2.0:oob

    2. Under ‘Suggested Redirect URIs for public clients (mobile, desktop)’ check all three options

      1. msal<application_client_id>://auth

      2. https://login.microsoftonline.com/common/oauth2/nativeclient

      3. https://login.live.com/oauth20_desktop.srf

    3. Under ‘Implicit grant’ select both options:

      1. Access tokens

      2. Id tokens

    4. Double check if ‘Supported account types’ is set to:

      1. Accounts in any organizational directory

  8. Click ‘Save’

  9. Click ‘Certificates & Secrets’

    1. Click ‘New client secret’

      1. Fill in a description (e.g. A365 Client Secret)

      2. Select ‘Expires never’

    2. Click ‘Add’

    3. Copy the client secret value and save it for later use

  10. Click ‘API Permissions’

    1. Click ‘Add a permission’

    2. Click ‘Microsoft Graph’

    3. Click ‘Application permissions’

    4. Click ‘Expand all’

    5. Select ‘All permissions’

    6. Click ‘Update permissions’

    7. Click ‘Add a permission’ again

    8. Click ‘Azure Active Directory Graph’

    9. Click ‘Application permissions’

    10. Select ‘All permissions’

    11. Click ‘Add permissions’

    12. Now scroll down until you see the button to grant consent for your organization

    13. Click ‘Grant consent for <organization name>’

  11. Click ‘Overview’

    1. Collect the following values for later use:

      1. Application (client) ID

      2. Directory (tenant) ID

    2. You should now have a working Azure application along with the following values:

      1. Tenant domain name

      2. Client secret

      3. Application (client) ID

      4. Directory (tenant) ID
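
The following is an added example, not part of the original guide or the vendor's tooling: a Python check that reads the application object in the shape Microsoft Graph returns for `GET /applications/{id}` and lists the settings this guide configures that a security review will want to track (account audience, implicit grant, plain-HTTP redirect URIs, secret lifetime, application permissions). The sample object, its hostname and permission ids, the `audit_app` name and the 730-day secret threshold are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: an application object as Microsoft Graph would return it
# after the steps above. Hostname and permission ids are made up.
SAMPLE_APP = json.loads("""{
 "signInAudience": "AzureADMultipleOrgs",
 "web": {"redirectUris": ["http://localhost:4200", "https://a365.example.com/wew/"],
         "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                   "enableIdTokenIssuance": true}},
 "passwordCredentials": [{"displayName": "A365 Client Secret",
    "startDateTime": "2020-01-01T00:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"}],
 "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Role"},
                       {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]}]
}""")

def _ts(value):
    # Graph timestamps are ISO 8601; drop fractional seconds and the trailing Z.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")

def audit_app(app, max_secret_lifetime=timedelta(days=730)):
    """Return (check, detail) pairs for settings to review. Threshold is an assumption."""
    findings = []
    # 'Accounts in any organizational directory' is stored as AzureADMultipleOrgs.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append(("audience", app.get("signInAudience")))
    web = app.get("web", {})
    grant = web.get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if grant.get(flag):
            findings.append(("implicit-grant", flag))
    for uri in web.get("redirectUris", []):
        if uri.startswith("http://"):
            findings.append(("http-redirect", uri))
    for cred in app.get("passwordCredentials", []):
        if _ts(cred["endDateTime"]) - _ts(cred["startDateTime"]) > max_secret_lifetime:
            findings.append(("long-lived-secret", cred.get("displayName")))
    # type 'Role' marks an application permission, 'Scope' a delegated one.
    roles = sum(1 for res in app.get("requiredResourceAccess", [])
                for acc in res.get("resourceAccess", []) if acc.get("type") == "Role")
    if roles:
        findings.append(("application-permissions", roles))
    return findings

if __name__ == "__main__":
    for check, detail in audit_app(SAMPLE_APP):
        print(f"{check}: {detail}")
```

Run it against the JSON exported for the registration created above and keep the output with the change record, so the secret and the granted permissions are reviewed on a schedule.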