Hi all,
As stated here, "SSO is only supported on the live website publication channel."
Does a roadmap exist for the SSO integration in the other channels, especially in Teams?
When can we expect new releases?
Thanks,
Alessandro.
The page where your bot is going to be hosted needs to be registered in the OAuth so that MSAL can redirect back to this page. @nk1ng I got all your questions. Hope you get better soon.
So I need to build a custom logon card and publish it somewhere for SSO in Teams to work, and without that it won't work, correct?
-n
It is not a custom logon card. The Direct Line API requires a user to communicate with the bot. The MSAL code that I mentioned checks for any token and, if there is none, tries to get a new user token. If the page hosting the bot is in M365, then the single sign-on will be seamless without any login prompt. If not, then the user will be prompted to type in a user name and password. In my case I was hosting this bot within an SP Online page and hence the MSAL login was seamless. The login card is provided internally by Azure AD and there is no need to build any card for that.
    // Fragment: directLine, activity, token, userID, userEmailAddress,
    // next and action are defined by the surrounding code (not shown).
    directLine.postActivity({
        type: 'invoke',
        name: 'signin/tokenExchange',
        value: {
            // Resource id and connection name come from the incoming OAuthCard
            id: activity.attachments[0].content.tokenExchangeResource.id,
            connectionName: activity.attachments[0].content.connectionName,
            // User token obtained through MSAL
            token,
        },
        from: {
            id: userID,
            name: userEmailAddress,
            role: 'user'
        }
    }).subscribe(
        id => {
            if (id === 'retry') {
                document.location.reload();
                // bot was not able to handle the invoke, so display the oauthCard
                //return next(action);
            }
            // else: token exchange successful and we do not display the oauthCard
        },
        error => {
            debugger;
            // an error occurred, so display the oauthCard
            return next(action);
        }
    );
In this code, the userID used in the "from" parameter is the Azure AD user ID.
Hope this helps.
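An added example, not part of the post above or of any Microsoft sample: the snippet reads `activity.attachments[0].content.tokenExchangeResource` directly, so this sketch checks that the incoming activity really is an OAuthCard for the expected resource before the user's token is placed in a `signin/tokenExchange` invoke. The function names and `EXPECTED_RESOURCE_URI` are hypothetical, and the URI value is a constructed placeholder for the scope URI your own app registration uses.

```javascript
const OAUTH_CARD = 'application/vnd.microsoft.card.oauth';
// Constructed placeholder (assumption): replace with your app registration's scope URI.
const EXPECTED_RESOURCE_URI = 'api://00000000-0000-0000-0000-000000000000/placeholder.scope';

// Return { id, uri, connectionName } for an SSO-capable OAuthCard, otherwise null.
function getTokenExchangeResource(activity) {
  const attachment = activity && Array.isArray(activity.attachments)
    ? activity.attachments[0]
    : undefined;
  if (!attachment || attachment.contentType !== OAUTH_CARD) return null;
  const content = attachment.content || {};
  const resource = content.tokenExchangeResource;
  if (!resource || !resource.id || !resource.uri || !content.connectionName) return null;
  return { id: resource.id, uri: resource.uri, connectionName: content.connectionName };
}

// Build the invoke activity, or return null so the caller falls back to
// showing the sign-in card (next(action) in the post's code).
function buildTokenExchangeInvoke(activity, token, user, expectedUri = EXPECTED_RESOURCE_URI) {
  const resource = getTokenExchangeResource(activity);
  if (!resource) return null;
  // Do not send the user's token for a resource we did not expect.
  if (resource.uri !== expectedUri) return null;
  if (typeof token !== 'string' || token.length === 0) return null;
  return {
    type: 'invoke',
    name: 'signin/tokenExchange',
    value: { id: resource.id, connectionName: resource.connectionName, token },
    from: { id: user.id, name: user.name, role: 'user' },
  };
}

// Constructed sample activity for illustration only.
function sampleOAuthActivity(uri) {
  return {
    type: 'message',
    attachments: [{
      contentType: OAUTH_CARD,
      content: {
        connectionName: 'sample-connection',
        tokenExchangeResource: { id: 'sample-resource-id', uri },
      },
    }],
  };
}
```

The returned object can be passed to `directLine.postActivity(...)` as in the post; a `null` result means the card should be displayed as usual.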
So on this tutorial: https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso-teams
Where is the second client ID? I am just trying to set up SSO on Teams, not the web. Do I still need the second client?
Also I am not using ngrok/VB code, my bot is straight PowerVA. I am struggling with that, I don't have any "code" to modify? Does that make a difference?
@nk1ng I understand that. Where are you hosting your bot - in Teams or in a web page? If it is an external web page, then every time you open the page the bot will prompt you for login and password. If you want to avoid that, then you will have to write custom code.
Just in Teams, @aksridhar1. I don't need the web side of it. Do I still need to write custom code for SSO?
Also trying to walk through youtubes on that but it's always using ngrok/vb and always using Multitenant..
Need to change that too?
Basically, @aksridhar1, do I need to start over with a new VB/ngrok bot, or is it possible to use SSO on Teams without custom code and just use my PowerVA bot?
@nk1ng All the steps that are mentioned in this thread are for custom web pages and not Teams. For Teams it is out of the box. You do not need to do anything with Teams. Not even SSO configuration. Teams will prompt for the login once and it will be stored in the Teams cache until you clear the cache. Not sure what error you are getting when you try to deploy the bot to Teams. Can you share a screenshot?
@aksridhar1, I broke my test bot trying to integrate SSO in Teams currently lol. However, basically I am just trying to get rid of that OTP altogether, but I want to have the option for the bot to communicate on behalf of the user.
Here is the test bot on powerva (need to change something on that for Teams, when I published to Teams it quit listening):