Configuring FlexDeploy for Teams Operations using User Credentials

Sending teams messages without setting up an Office 365 connector requires an authenticated user to send the messages. This user (or users) is stored in a Teams Messaging Account in FlexDeploy which can be managed at Topology->Integrations->Messaging.

The required prerequisites for sending messages this way are explained below.

This setup method is also required for approving tasks from Microsoft Teams. So, to approve tasks from Microsoft Teams, you must configure BOTH webhooks and a Teams Messaging Integration.

Teams Messaging Accounts

This plugin uses a Teams Messaging Account which contains all relevant credentials to connect to the Teams workspace. Navigate to Topology->Integrations->Messaging and create a new Account with the Provider set to MicrosoftTeams.

Create an Application in the Azure portal

You must create an application in the Azure portal so the Microsoft identity platform can provide authentication and authorization services for your application.

Follow these steps to create the app registration:

  1. Sign in to the Azure portal

  2. If you have access to multiple tenants, use the directory + subscription filter in the top menu to select the tenant in which you want to register an application.

  3. Search for and select Azure active directory.

  4. Under Manage, select app registrations, then new registration.

  5. Enter a Name for your application and specify who can use the application.
     

  6. Select register to complete the initial app registration.

  7. Open application capture application (client) ID and directory (tenant) ID from app registration.

  8. Create a new client secret and capture client secret.

  9. Create API permissions

    Select API permissions > Add a permission > Microsoft Graph

Select delegated permissions.  You can type the names of these permissions in to filter and find the necessary permissions quickly. The 7 or 8 permissions you need are:

  • Channel.ReadBasic.All

  • ChannelMessage.Send

  • Chat.ReadBasic

  • ChatMessage.Send

  • Team.ReadBasic.All

  • User.ReadBasic.All - This permissions is required to approve tasks through Microsoft Teams.

  • Chat.ReadWrite - This permission is only needed when chatting to individual users, the first time that a message is send to that user.

  • Group.ReadWrite.All - Only needed if the user is not a member of the team(s) to which they are sending messages. This permission is optional.

The following image shows the minimum permissions required to send messages to teams and users.
After adding them all, click the Grant admin consent button. You should see checkmarks by each permission in the status column.

Setting up Certificates

You may need to install the certificate for https://graph.microsoft.com/.default into your Java keystore. If this is the case, you will get an error about building a certificate path.

Supported Versions

  • All Microsoft Teams versions are supported.

Key Features

  • Send messages to a Microsoft Teams channel or user.

The following macros are not currently supported in the footer:
  • style