Configuring Microsoft Teams

This topic explains how to configure Microsoft Teams on both in Microsoft and then in Brightspot.

Creating bot resources in Azure:

1. Register an application with the Microsoft identity platform.
   
   • The redirect URL should be https://<your-brightspot-cms-domain>/cms/microsoft/auth (for example, https://cms.brightspot.example.com/cms/microsoft/auth). Ensure that the URL is not protected by basic authentication.
   • For credentials, create a client secret and save it.
   • Copy and save the application's Client ID, Tenant ID, and Client Secret values, as you will need these values to create a Microsoft app in Brightspot.
2. Create an Azure Bot resource via the Azure dashboard or Azure CLI.
   
   • If you created an app in the previous step, select Use existing app registration and enter your existing Client ID and Client Secret from the previous step.
   • If you did not create an app in the previous step, copy and save the application's Client ID, Tenant ID, and Client Secret, as you will need these values to create a Microsoft app in Brightspot.
3. Navigate to the Configuration page and provide the following messaging endpoint: https://<your-brightspot-cms-domain>/microsoft/teams/api/messages (for example, https://www.cms.brightspot.example.com/microsoft/teams/api/messages). Ensure that the endpoint is not protected by basic authentication.
4. Connect a bot to Microsoft Teams. Once connected, copy and save the address of the Open in Teams link under the Action column.
   

Configuring the app in Brightspot:

1. Log in to Brightspot.
2. Click menu > Admin > Sites & Settings > Sites > Global.
3. Click search, located to the left of more_horiz, and type Microsoft Teams.
4. Under Account for App Installation, click the button to be redirected to Microsoft to authenticate. You redirect back to Brightspot after authentication, and you are prompted to save your settings to activate the admin account.
   
   Note

   Only Microsoft admins are able to authenticate this Microsoft account. If a user other than an admin attempts to authenticate, the attempt fails.
   
   Once a Microsoft admin authenticates with Microsoft, Brightspot associates the admin's account with the Brightspot user account. The Account for App Installation field in Brightspot then converts to a read-only field.
5. Under App for Team Bot, click search to search for an existing Microsoft app. If you have not yet created a Microsoft app in Brightspot, see Adding a Microsoft App.
6. Under Teams Bot URL, select a bot by pasting the address of the Open in Teams link that you copied in Step 4 of this topic.
7. Toggle on Allow App Selection for Notification to allow editors to choose an app for notification in their profile. Enable this toggle in multi-tenant environments.
8. Click Save.

Configuring how end-users consent to applications in Azure dashboard:

End users may not be able to grant permissions to the Brightspot app depending on the user consent settings in Azure. If users are required to submit an approval request to an admin when they sign in with Microsoft via Brightspot, you can configure how end-users consent to applications using Azure Active Directory. If you decide to allow users to consent for permission classified as low impact, add the following permissions: Channel.ReadBasic.All, Team.ReadBasic.All, offline_access, openid, profile, User.Read.

Uploading Brightspot Teams app to an organization's app store:

1. Modify manifest.json by replacing [DOMAIN], [BOT_APP_ID], [PATH_TO_PRIVACY_POLICY_URL], [PATH_TO_TOU_URL] with proper values. For more information, see the manifest.json file. For more information, you can check the manifest.json references.
2. Zip the files in the app directory (manifest.json, bsp-teams-icon-color.png, and bsp-teams-icon-outline.png) and upload the .zip to the organization's app store. You can also manage your apps in the Microsoft Teams admin center.