Azure AI Bot Service
An Azure service that provides an integrated environment for bot development.
747 questions
How to add SSO to an azure bot on microsoft teams
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 26%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ashish Sood
1
Reputation point
Followed steps documented to enable bot sso
- Created a bot.
- Added Microsoft Teams under Channels.
- Under Configuration added the messaging endpoint. e.g. (https://myproxy.proxyapp.com/teams/app/activity).
- Generated a client secret for the Microsoft app id.
- Added "https://token.botframework.com/.auth/web/redirect" as the Redirect URI for Web platform under Authentication for my Microsoft App.
- Under API Permissions for my Microsoft App added "email offline_access openid profile". "User.Read" was available by default.
- Under Expose an API added "api://botid-{Microsoft app id}". Added scope "access_as_user". Added web (1fec8e78-bce4-4aaf-ab1b-5451cc387264) and desktop (5e3ce6c0-2b1f-4285-8d4b-75ee78787346) client applications.
- In the Manifest file for my Microsoft app updated "accessTokenAcceptedVersion": 2.
- For my bot added an OAuth Connection as below
-
- Created an app on Microsoft Teams and associated my Micorsoft App Id as the bot id. Attached is the manifest for my Microsoft Teams app.
When I install this app to Microsoft Teams the bot is shown in the chat tab which is expected. Further the document says as a 1st step
"The bot sends a message with an OAuthCard that contains the tokenExchangeResource property.". How can I achieve this?
When I type "Hi" for the very 1st time on the bot I receive the below JSON at my messaging endpoint
{"text":"hi","textFormat":"plain","attachments":[{"contentType":"text/html","content":"<div>hi</div>"}],"type":"message","timestamp":"2021-10-05T18:27:21.5454867Z","localTimestamp":"2021-10-05T23:57:21.5454867+05:30","id":"1633458441515","channelId":"msteams","serviceUrl":"https://smba.trafficmanager.net/in/","from":{"id":"29:1kR5UGDG5iTFhsVadKAadeYuzsLEhMYK_YFxb7_Y62nAilJVLIMiPtC8oLrGGyK7wZTaFc8-jlVxJq3q0bpoBMw","name":"Ashish Sood","aadObjectId":"3836************************be046"},"conversation":{"conversationType":"personal","tenantId":"1734*************************bb8ecf","id":"a:1xMOdsbv02hfl2J4GUGA7-WemaLGCOxFlzsSNcQ9StjIMAAKn64tJ0zxKk25b02NMTl3rc7nbNffMZGXVYfraNIDKnptC01oeLRv7Ngh2WMCyOrmBT2KaDleQXSU2s4MY"},"recipient":{"id":"28:18c9**********************02b9","name":"NOW_Virtual_Agent_SSO_Bot"},"entities":[{"locale":"en-GB","country":"GB","platform":"Mac","timezone":"Asia/Calcutta","type":"clientInfo"}],"channelData":{"tenant":{"id":"1734************************b8ecf"}},"locale":"en-GB","localTimezone":"Asia/Calcutta"}
How do I use this JSON to complete the 6 steps mentioned at
auth-aad-sso-bots
Azure AI Bot Service
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,870 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,569 questions
{count} votes
-
Ashish Sood 1 Reputation point
2021-10-10T19:35:04.34+00:00 Adding the Microsoft Teams app manifest.json
139160-manifestjson.txt -
Sharon Zhao-MSFT 25,056 Reputation points Microsoft Vendor2021-10-11T05:35:08.7+00:00 As we are mainly responsible for general question of Microsoft Teams, your question related to azure bot is not supported by us. I will change office-teams-windows-itpro tag to office-teams-app-dev tag. Someone checking that tag will give you more insight. Thanks for your patience and understanding.
-
romungi-MSFT 42,286 Reputation points Microsoft Employee2021-10-12T07:27:54.323+00:00 @Ashish Sood I think the detailed steps are mentioned in the next section of this documentation, It has a sample bot with the tokenExchange helper file.
You can try all the steps with the sample bot to achieve the SSO authentication scenario with teams bot. -
Ashish Sood 1 Reputation point
2021-10-15T14:20:03.91+00:00 @romungi-MSFT Thanks for the reply. Below is my issue
- All the demos and sample codes are either in C# or Javascript (Node.js) or DotNetCore and are using the Bot Builder frame SDK.
- We have a already running bot to which we need to add SSO capability. All demos and sample code either create a bot and the app using Visual Studio or Yeoman generator and then add Bot Builder as a dependency using npm. That's not my case.
- I created the bot on Azure portal under Bot Services->AzureBot. Configured the AAD app backing the bot under App Registrations. Finally created the MS Teams app using the App Studio feature within MS Teams and attached my bot to this MS Teams app from there.
- Further in my scenario I have my activity endpoint i.e. /api/messages defined in a proxy server which is programmed in LUA programming language. The demos use ngrok which is always pointing to there local server.
- Is there a way where instead of depending upon the bot builder SDK I have an API way of completing the SSO flow for my bot. For e.g. currently I use below 3 API to complete my OAuth flow
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
https://login.microsoftonline.com/common/oauth2/v2.0/token
https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token - What I am looking for is a way that when my activity endpoint receives a 'Hi' or 'Hello' message for the very 1st time can I create a JSON which contains the OAuth Card with 'tokenExchangeResource' property defined
Sign in to comment