To use Totara with Microsoft Teams you will need to set up your own app. This page outlines how to create and update your app.
...
- Log in to your Microsoft account at https://admin.teams.microsoft.com/.
- Navigate to Teams App > Manage Apps and select Org-wide App settings.
- Check the Allow third-party apps setting and save.
Tip |
---|
You can find out more about preparing your Office 365 tenant in Microsoft's documentation or sign up for a Microsoft Teams account. |
...
- In the Authentication blade click Add Platform then select Web.
- Enter https://[your.totara.site]/admin/oauth2callback.php for the Redirect URI and https://[your.totara.site]/totara/msteams/sso_logout.php for the Logout URL, then Save. If you use a different folder than 'admin', use that one instead.
- Add one more Redirect URI: https://[your.totara.site]/totara/msteams/oidc_login.php then Save.
- In the Expose an API blade click Add Scope and enter api://[your.totara.domain]/[Application (client) ID], then select Save. This will be used in the Totara integration settings, but is only necessary if you require Single Sign-On.
- Enter the following scope properties:
  - Scope name: 'access_as_user'
  - Who can consent: Admin and user
  - Admin consent display name: 'Teams can access the user's profile'
  - Admin consent description: 'Allows Teams to call the app's web APIs as the current user.'
  - User consent display name: 'Teams can access your user profile and make requests on your behalf'
  - User consent description: 'Enable Teams to call this app's APIs with the same rights that you have.'
  - State: Enabled
- Click Add a client application.
- Add Teams desktop/native client: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 and Add Teams web client: 5e3ce6c0-2b1f-4285-8d4b-75ee78787346.
- In the API permissions blade click Add permission and select the following permissions under Microsoft Graph > Delegated permissions:
  - offline_access
  - openid
  - profile
  - User > User.Read
- Save your selection, then click Grant admin consent for [tenant name] and confirm.
- In the Certificates & Secrets blade click New client secret.
- Give it a Name, choose the Expiration period and Save.
- Make a note of the Client Secret value, as this will be required later in the process.
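
As an added example (not part of the original documentation), the Python check below compares an exported app registration with the redirect URIs, logout URL, scope and pre-authorized Teams client IDs configured in the steps above. It assumes the export follows the Microsoft Graph application object (`web.redirectUris`, `web.logoutUrl`, `identifierUris`, `api.oauth2PermissionScopes`, `api.preAuthorizedApplications`) and that [your.totara.site] and [your.totara.domain] are the same host; `audit_registration`, `SAMPLE` and `learn.example.com` are illustrative names.

```python
# Added example. Field names assume the Microsoft Graph application object.
TEAMS_CLIENTS = {  # client IDs listed on this page
    "1fec8e78-bce4-4aaf-ab1b-5451cc387264": "Teams desktop/native client",
    "5e3ce6c0-2b1f-4285-8d4b-75ee78787346": "Teams web client",
}

def audit_registration(app, site, admin_dir="admin"):
    """Return findings for an app registration; an empty list means it matches."""
    base, findings = f"https://{site}", []
    web, api = app.get("web", {}), app.get("api", {})
    expected = {f"{base}/{admin_dir}/oauth2callback.php",
                f"{base}/totara/msteams/oidc_login.php"}
    actual = set(web.get("redirectUris", []))
    findings += [f"missing redirect URI: {u}" for u in sorted(expected - actual)]
    # Any extra reply URL is another place tokens can be delivered.
    findings += [f"unexpected redirect URI: {u}" for u in sorted(actual - expected)]
    if web.get("logoutUrl") != f"{base}/totara/msteams/sso_logout.php":
        findings.append("logout URL is not the sso_logout.php endpoint")
    if f"api://{site}/{app.get('appId')}" not in app.get("identifierUris", []):
        findings.append("Application ID URI is not api://<site>/<client id>")
    scope = next((s for s in api.get("oauth2PermissionScopes", [])
                  if s.get("value") == "access_as_user"), None)
    if scope is None or not scope.get("isEnabled") or scope.get("type") != "User":
        findings.append("access_as_user scope missing, disabled or admin-only")
    granted = {p.get("appId", ""): p.get("delegatedPermissionIds", [])
               for p in api.get("preAuthorizedApplications", [])}
    for app_id, label in TEAMS_CLIENTS.items():
        if scope is None or scope.get("id") not in granted.get(app_id, []):
            findings.append(f"{label} is not pre-authorized for access_as_user")
    findings += [f"unexpected pre-authorized client: {a}"
                 for a in sorted(set(granted) - set(TEAMS_CLIENTS))]
    return findings

# Constructed sample: a leftover localhost reply URL and no Teams web client.
APP_ID, SCOPE_ID = "00000000-0000-0000-0000-000000000001", "11111111-1111-1111-1111-111111111111"
SAMPLE = {
    "appId": APP_ID,
    "identifierUris": [f"api://learn.example.com/{APP_ID}"],
    "web": {"redirectUris": ["https://learn.example.com/admin/oauth2callback.php",
                             "https://learn.example.com/totara/msteams/oidc_login.php",
                             "http://localhost:8080/callback"],
            "logoutUrl": "https://learn.example.com/totara/msteams/sso_logout.php"},
    "api": {"oauth2PermissionScopes": [{"id": SCOPE_ID, "value": "access_as_user",
                                        "type": "User", "isEnabled": True}],
            "preAuthorizedApplications": [{"appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
                                           "delegatedPermissionIds": [SCOPE_ID]}]},
}
print("\n".join(audit_registration(SAMPLE, "learn.example.com")))
```

Pass `admin_dir` if your site uses a folder other than 'admin' for the OAuth 2 callback.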
Step 3: Create a Bot in Azure (optional)
...
- Log in to Microsoft Azure at https://portal.azure.com/.
- Navigate to Applied AI services > Bot services.
- Click Create, then scroll down and click Load more, then select Azure Bot.
- Click Create and complete the form with the following details:
  - Bot Handle: Any unique handle of your choice
  - Subscription: Select your existing subscription
  - Resource group: Select an existing group or create a new one
  - Location: For new resource groups select the location of your choice (choose somewhere close to your server)
  - Pricing tier: Click change plan and select the F0 (free) tier
  - Microsoft App ID:
    - For Type of App select Multi Tenant
    - For Creation Type select Create new Microsoft App ID
- Click Review and Create, then Create, then Go to resource
- You can optionally personalise the icon and name for the bot under Settings > Bot Profile > Icon & Display Name.
- Under Settings > Configuration enter:
  - Messaging endpoint: https://[your.totara.site]/totara/msteams/botindex.php, then click Apply.
- Under Settings > Channels click Microsoft Teams under Available Channels. Agree to the Terms of Service. Select the appropriate Messaging setting (probably Microsoft Teams Commercial), then click Apply, then Close.
- Navigate to App registrations and select the newly created bot.
- Make a note of the Application (client) ID, as this will be used as the Bot app ID in the Totara integration settings later in the process.
- On the Manage > Certificates & Secrets page, delete any existing secret, then click New client secret.
- Give it a Name, choose the Expiration period and Save.
- Make a note of the Client Secret for Bot value, as this will be required later in the process.
Step 4: Prepare the Microsoft Teams extension in the Totara admin settings
...