Deploying the VFC Record Teams Application on the Organization's MS Teams Tenant

Owned by Gerry Durning
Last updated: Feb 27, 2024 by Zszugyi
3 min read

In order to complete the steps below, you must have the appropriate privileges within the Organization's Microsoft Teams Tenant to create and publish a Teams Application.

Deploying the VFC Record Teams Application on the Organization's MS Teams Tenant consists of the following steps:

Adding the VFC Record Teams App

Step 1 - Logon in to MS Teams Developer Portal https://dev.teams.microsoft.com/home 

Step 2 - Navigate to “Apps”, and click on “New app“

Step 3 - Give the application a name "VFC Record" and click on “Add”.   

Step 4 - Make a note of the App's generated App ID.


Step 5 - Register an Azure AD Application for the Teams App.  Logon to Microsoft Azure https://portal.azure.com/ with an admin account of the tenant’s, navigate to "App registrations" area and register a new app

    • Give it a name: Example “VFCRecording Control App”

    • Choose "Accounts in this organizational directory only (* only - Single tenant)" in "Supported Account types"

    • Leave "Redirect URI" empty.

    • Make a note of the app’s generated "Application (client) ID" and "Directory (tenant) ID"

Configure the Microsoft Entra ID (formerly Azure AD) Application

Step 6 - The application focus should be under the newly registered app, go to Authentication page.  Replace [VERBA-BASE-URI] in the following URIs with the base URI of Verba Web Application server and them to a new Web platform:



Step 7 - Replace [VERBA-BASE-URI] in the following URIs with the base URI of Verba Web Application server, [AZURE-APP-ID] with the Azure app id you noted above, and add them to a new SPA platform:

    • [VERBA-BASE-URI]/ssoMsal

    • [VERBA-BASE-URI]/msTeamsApp/spa/auth-end.html?clientId=[AZURE-APP-ID]

    • [VERBA-BASE-URI]/msTeamsApp/spa/blank-auth-end.html



Step 8 - Enter a dummy URL for “Front-channel logout URL”. Example https://myapp.com/logout. It’s not used in the VFC Record Teams application.

Check off these 2 options:

    • Access tokens (used for implicit flows)

    • ID tokens (used for implicit and hybrid flows)



Step 9 - Save all the changes


Configuring Permissions. 

Step 10 - Create a new  client secret. Take note of the ID and Value.


Step 11 - Under "API permissions", add these permissions:

Microsoft Graph (8): these are part of Microsoft Graph.

    • Directory.Read.All : this and the next 2 are "Applicaiton" permissions. Used for user sync with Verba server.

    • Group.Read.All

    • User.Read.All

    • User.Read (this is already there by default)

    • email: this and the next 3 are "delegated permissions", of "OpenId permissions"

    • offline_access

    • openid

    • profile


Step 12 - Under "Expose an API", set "Application ID URI" to "api://[VERBA-SERVER-DOMAIN-NAME]/[AZURE-APP-ID]"

Example "api://verbapool1app.demolab.com/3eddffff-0b0b-5d9b-41d4-2b2a292c529e"

Step 13 -  Add a new scope, for example "access-as-user", and enable the scope.  Configure "Admins and users" for "Who can consent?" property

Enter the following consent message for admins:

    •   Read user files

    •   Allows the app to read the signed-in user's files

Enter the following consent message for users:

    •   Read your files

    •   Allows the app to read your files

Under "Authorized client applications" section, add these 2 client ids (for desktop/mobile MS Teams  and webbase MS Teams), These are to allow MS Teams to request permission for access

    • 5e3ce6c0-2b1f-4285-8d4b-75ee78787346

    • 1fec8e78-bce4-4aaf-ab1b-5451cc387264

Under Manifest, update "accessTokenAcceptedVersion" field to 2: