Creating a Teams App and app configuration

In order to use Microsoft Teams, an app will be need to be created to allow access to Microsoft Teams.

Note Teams is still in beta, so it is possible the setup and permissions required will change once it is out of beta.

 

Prerequisites

  • Your company must have Azure
  • The user account that creates the app must be present in the Azure AD directory of your company and have the rights to create apps (this is possible by default unless limited by an admin)
  • A global admin will have to go to an admin consent url in order to allow accounts of this Azure AD directory to use it, since Teams requires permissions normally reserved for admins. By consenting a global admin allow regular users to have these permissions in the app.

 

Guide

  1. Go to https://apps.dev.microsoft.com/ and login with a work account. This requires that your company has Azure. Any account present in your Azure will do (so it does not need to be an admin).
  2. You will end up on the application registration portal. If not, go to this url: https://apps.dev.microsoft.com/#/appList. Choose add an app at Converged Applications.
  3. This will take you to the register app screen, choose a name for your app, then choose create.

  1. You will now see app settings screen. You will also see a message to which Azure AD Tenant the app belongs. Check that this is the correct Azure environment. You will also the see the application id, which we will use in the admin consent url and in the attendant to access the app. The app is at this point also added to your application list under converged applications. Clicking on the app there will take you to the same settings screen.

  1. Go to platform and choose Add Platform. Choose Native Application. This will mark your app useable as a native application. The data generated afterwards can be left alone, we do not need to alter any of this.

  1. Under Graph Permissions we need to add two delegated permissions. Delegated permissions are meant for apps that require the user to login themselves. By default User.Read is already set, you can remove this setting since we will use a higher level permission of this. The two permissions you need to add are User.Read.All (In order to have access to the teams you are part of) and Directory.Read.All (In order to see the members of each team you are part of). Both these permissions require the admin consent of a global admin before a non-global admin user can access this data.

  1. The last thing that we need to do is to add to the app is the homepage url. This works as the return url in the app. This does not have to be an existing url, the default is http://localhost. The return url in the attendant will have to match the url you set here.

  1. Finally, go to the bottom of the page and click save to update all the settings. In order to give admin consent you can use the link below, replace clientid marked in red with the id of your application. You can also do this from the settings page of the teams plugin in the attendant. Login as a global admin and accept the permissions given here. After this is done regular users can also make use of the Teams App. https://login.microsoftonline.com/common/adminconsent?client_id=[clientid]&state=12345&redirect_uri=http://localhost.