Microsoft Teams connector

The Teams connector provides integration between OpenIAM and the Microsoft Teams application. Currently, the Teams connector supports only synchronization operations.

Prerequisites

To install and use the Teams connector properly, ensure that the following prerequisites are met:

  • Windows Server 2016 or a newer version of the Windows Server OS.
  • .NET Framework 4.8 or any newer version from the Classic .NET family.
  • The MicrosoftTeams PowerShell module must be installed (see the Preparing the environment section for more details).
  • Connector machines must have an internet connection enabled to connect to the Azure tenant via the MicrosoftTeams PowerShell module.

Preparing the environment

In this scenario, it is assumed that the installation is performed on a clean instance of Windows Server 2016 (the minimum required version of Windows Server to run the connector). Follow the steps below to prepare the environment.

As mentioned earlier, Windows Server 2016 is used in this installation scenario, so .NET Framework 4.8 is not available out of the box. To install it, go to the official Microsoft download page and download the .NET Framework 4.8 Runtime installation package, then install it.

Note: The link above was valid at the time this article was written (February 2024). If it is no longer available, please search the official Microsoft website for the .NET Framework 4.8 download.

Installing the MicrosoftTeams PowerShell module

Before installing the module, check whether it is already installed. Open a PowerShell console and run the following command:

Get-Module MicrosoftTeams -ListAvailable

If you receive an empty result as shown below, the module is not installed.

PS C:\user\system32> Get-Module MicrosoftTeams -ListAvailable
PS C:\user\system32>
PS C:\user\system32>

If the output is different and displays details about the module, it means the module is already installed. In this case, you can skip the installation step.

To install the MicrosoftTeams module, run the following command:

Install-Module -Name MicrosoftTeams -Scope AllUsers

Once the module is installed, you can verify the installation using the command shown earlier. The output should look similar to the example below (versions may vary).

PS C:\user\system32> Get-Module MicrosoftTeams -ListAvailable
    Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version    Name               ExportedCommands
Script     7.6.0      MicrosoftTeams     {Add-TeamChannelUser, Add-TeamUser, Connect-MicrosoftTeams...}
PS C:\user\system32>

Additional information is available on the Microsoft website.

Registering the connector application

The Teams connector authenticates to Entra ID (Azure) using a certificate. This step requires two actions:

  1. Generating a self-signed certificate
  2. Creating an application in Entra ID (Azure) and configuring it

Generating the application certificate

Use the following commands to generate the application certificate for Entra ID.

$certname = "Teams_connector"
New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256 -NotAfter (Get-Date).AddYears(10)

Creating an application in Entra ID (Azure)

This step requires the following actions. After completing them, you will be able to use Entra ID for your Teams connector.

  1. Go to the Entra ID (Azure) portal and select App registrations.
  2. Select New registration.
  3. Enter a name for the application and click Register.
  4. Export the generated certificate without the private key from the certificate store using the MMC console.
  5. Return to the created application in the Entra ID (Azure) portal and select Certificates & Secrets.
    Open the Certificates tab and click Upload certificate. Choose the exported certificate from MMC and upload it.
  6. Go to the API permissions section. Add the Organization.Read.All and User.Read.All Application permissions from the Microsoft Graph API, then click Grant admin consent.
  7. In the Entra ID (Azure) search panel, type Roles and administrators and select Microsoft Entra roles and administrators.
  8. In the search field, type Teams Administrator and select the Teams Administrator role.
  9. Click Add assignments.
  10. In the search field, type the name of your created application, select it, and click Add.

Your application is now ready to use. Additional information is available on the Microsoft website.

Configuring the OpenIAM managed system

When configuring the managed system on the OpenIAM side, follow the standard steps described in this document. Use the following values for the Teams managed system:

  • URL: Tenant ID
  • Login: Application ID
  • Password: Thumbprint of the generated certificate
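The script below is an added example, not part of the OpenIAM documentation. Run on the connector machine after the application registration is complete, it looks up the generated certificate, checks that its private key is present and that it is not close to expiry, and signs in to Teams with the same three values that go into the managed system, so a wrong tenant ID, application ID, or thumbprint is caught before the connector is configured. The tenant and application IDs are placeholders, and the 30-day expiry warning threshold is an assumption.

```powershell
# Added example (not from the OpenIAM documentation).
# Run in an elevated PowerShell console on the connector machine.
$TenantId      = '<tenant-id>'        # placeholder: Directory (tenant) ID of your Entra ID tenant
$ApplicationId = '<application-id>'   # placeholder: Application (client) ID of the registered app
$CertName      = 'Teams_connector'    # subject used when the certificate was generated

# Find the newest certificate with that subject in the machine store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$CertName" } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with subject CN=$CertName found in Cert:\LocalMachine\My"
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this machine; sign-in would fail"
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {   # assumed threshold
    Write-Warning "Certificate expires on $($cert.NotAfter); upload a replacement to the application first"
}

# Sign in exactly as an application: tenant ID + application ID + certificate thumbprint.
Import-Module MicrosoftTeams -ErrorAction Stop
Connect-MicrosoftTeams -TenantId $TenantId -ApplicationId $ApplicationId `
    -CertificateThumbprint $cert.Thumbprint -ErrorAction Stop | Out-Null

try {
    # A read-only call that succeeds only if the certificate was uploaded
    # and the Teams Administrator role was assigned to the application.
    $tenant = Get-CsTenant -ErrorAction Stop

    # The values to enter in the OpenIAM managed system form.
    [pscustomobject]@{
        URL          = $TenantId
        Login        = $ApplicationId
        Password     = $cert.Thumbprint
        TenantName   = $tenant.DisplayName
        CertNotAfter = $cert.NotAfter
    }
}
finally {
    Disconnect-MicrosoftTeams
}
```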
