Deploying the VFC Record Teams Application on the Organization's MS Teams Tenant
In order to complete the steps below, you must have the appropriate privileges within the Organization's Microsoft Teams Tenant to create and publish a Teams Application.
Deploying the VFC Record Teams Application on the Organization's MS Teams Tenant consists of the following steps:
Adding the VFC Record Teams App
Step 1 - Log on to the MS Teams Developer Portal https://dev.teams.microsoft.com/home
Step 2 - Navigate to “Apps”, and click on “New app“
Step 3 - Give the application a name "VFC Record" and click on “Add”.
Step 4 - Make a note of the App's generated App ID.
Step 5 - Register an Azure AD Application for the Teams App. Log on to Microsoft Azure https://portal.azure.com/ with an admin account of the tenant, navigate to the "App registrations" area and register a new app:
Give it a name, for example “VFCRecording Control App”
Choose "Accounts in this organizational directory only (* only - Single tenant)" in "Supported Account types"
Leave "Redirect URI" empty.
Make a note of the app’s generated "Application (client) ID" and "Directory (tenant) ID"
Configure the Microsoft Entra ID (formerly Azure AD) Application
Step 6 - With the newly registered app selected, go to the Authentication page. Replace [VERBA-BASE-URI] in the following URIs with the base URI of the Verba Web Application server and add them to a new Web platform:
[VERBA-BASE-URI]/azureGraphApiAuthenticator.do
[VERBA-BASE-URI]/msTeamsApp/spa/auth-end.html
[VERBA-BASE-URI]/ssoAdal
Step 7 - Replace [VERBA-BASE-URI] in the following URIs with the base URI of the Verba Web Application server and [AZURE-APP-ID] with the Azure app ID you noted above, and add them to a new SPA platform:
[VERBA-BASE-URI]/ssoMsal
[VERBA-BASE-URI]/msTeamsApp/spa/auth-end.html?clientId=[AZURE-APP-ID]
[VERBA-BASE-URI]/msTeamsApp/spa/blank-auth-end.html
Step 8 - Enter a dummy URL for “Front-channel logout URL”, for example https://myapp.com/logout. It is not used in the VFC Record Teams application.
Check off these 2 options:
Access tokens (used for implicit flows)
ID tokens (used for implicit and hybrid flows)
Step 9 - Save all the changes
Configuring Permissions
Step 10 - Create a new client secret. Take note of the ID and Value.
Step 11 - Under "API permissions", add these permissions:
Microsoft Graph (8): these are part of Microsoft Graph.
Directory.Read.All: this and the next 2 are "Application" permissions, used for user sync with the Verba server.
Group.Read.All
User.Read.All
User.Read (this is already there by default)
email: this and the next 3 are "Delegated" permissions, listed under "OpenId permissions"
offline_access
openid
profile
Step 12 - Under "Expose an API", set "Application ID URI" to "api://[VERBA-SERVER-DOMAIN-NAME]/[AZURE-APP-ID]"
Example "api://verbapool1app.demolab.com/3eddffff-0b0b-5d9b-41d4-2b2a292c529e"
Step 13 - Add a new scope, for example "access-as-user", and enable the scope. Set the "Who can consent?" property to "Admins and users".
Enter the following consent message for admins:
Read user files
Allows the app to read the signed-in user's files
Enter the following consent message for users:
Read your files
Allows the app to read your files
Under the "Authorized client applications" section, add these 2 client IDs (for desktop/mobile MS Teams and web-based MS Teams). These allow MS Teams to request permission for access:
5e3ce6c0-2b1f-4285-8d4b-75ee78787346
1fec8e78-bce4-4aaf-ab1b-5451cc387264
Under Manifest, update the "accessTokenAcceptedVersion" field to 2.
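A check that can be run once the steps above are complete to confirm the registration matches the values in this guide, including redirect URIs that are registered but not listed here. This is an added example, not part of the original guide or the vendor's tooling. It assumes the registration has been exported as the Microsoft Graph "application" resource JSON (where the manifest's "accessTokenAcceptedVersion" appears as api.requestedAccessTokenVersion); the function name, app ID, base URI and domain in the sample are constructed placeholders.

```python
# Added example, not the vendor's tooling: audit a registration against Steps 5-13.
# Assumption: `app` is the Microsoft Graph "application" resource as a dict.
TEAMS_CLIENTS = {"5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
                 "1fec8e78-bce4-4aaf-ab1b-5451cc387264"}
WEB_PATHS = ("/azureGraphApiAuthenticator.do", "/msTeamsApp/spa/auth-end.html",
             "/ssoAdal")
SPA_PATHS = ("/ssoMsal", "/msTeamsApp/spa/auth-end.html?clientId={app_id}",
             "/msTeamsApp/spa/blank-auth-end.html")

def audit(app, base_uri, server_domain):
    """Return findings; an empty list means the registration matches the guide."""
    app_id, base, out = app.get("appId", ""), base_uri.rstrip("/"), []
    web, spa, api = app.get("web") or {}, app.get("spa") or {}, app.get("api") or {}
    if app.get("signInAudience") != "AzureADMyOrg":  # Step 5: single tenant
        out.append("not single tenant")
    for name, section, paths in (("Web", web, WEB_PATHS), ("SPA", spa, SPA_PATHS)):
        want = {base + p.format(app_id=app_id) for p in paths}  # Steps 6 and 7
        have = set(section.get("redirectUris") or [])
        out += [f"{name} redirect URI missing: {u}" for u in sorted(want - have)]
        out += [f"{name} redirect URI not in guide: {u}" for u in sorted(have - want)]
    grants = web.get("implicitGrantSettings") or {}  # Step 8: both token options
    for key in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grants.get(key):
            out.append(f"{key} is off")
    if f"api://{server_domain}/{app_id}" not in (app.get("identifierUris") or []):
        out.append("Application ID URI differs from Step 12")
    pre = {str(c.get("appId")) for c in api.get("preAuthorizedApplications") or []}
    if pre != TEAMS_CLIENTS:  # Step 13: only the two Teams clients
        out.append(f"authorized clients differ: {sorted(pre ^ TEAMS_CLIENTS)}")
    if api.get("requestedAccessTokenVersion") != 2:  # Manifest step
        out.append("access token version is not 2")
    return out

# Constructed sample: a stray Web URI, one SPA URI forgotten, token version unset.
APP_ID = "00000000-0000-0000-0000-000000000001"  # placeholder app ID
BASE = "https://verba.example.com"  # placeholder Verba base URI
SAMPLE = {
    "appId": APP_ID, "signInAudience": "AzureADMyOrg",
    "identifierUris": [f"api://verba.example.com/{APP_ID}"],
    "web": {"redirectUris": [BASE + p for p in WEB_PATHS] + ["http://localhost/cb"],
            "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                      "enableIdTokenIssuance": True}},
    "spa": {"redirectUris": [BASE + "/ssoMsal",
                             BASE + "/msTeamsApp/spa/blank-auth-end.html"]},
    "api": {"requestedAccessTokenVersion": None,
            "preAuthorizedApplications": [{"appId": i} for i in TEAMS_CLIENTS]},
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, BASE, "verba.example.com")) or "registration matches")
```

The script does not check the API permissions from Step 11 or the client secret from Step 10; review those in the portal.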