Galasso
Frequent Visitor

SSO integration in Teams

Hi all,

As stated here, "SSO is only supported on the live website publication channel."

Is there a roadmap for SSO integration in the other channels, especially in Teams?

When can we expect new releases?

 

Thanks,

Alessandro.

 

20 REPLIES

The page where your bot is going to be hosted needs to be registered in the oauth so that MSAL can redirect back to this page. @nk1ng I got all your questions. Hope you get better soon.

nk1ng
Helper II

So I need to build a custom logon card and publish it somewhere for SSO in Teams to work; without that it won't work, correct?

-n

It is not a custom logon card. The Direct Line API requires a user to communicate with the bot. The MSAL code that I mentioned checks for any token and, if there is none, tries to get a new user token. If the page hosting the bot is in M365, then the single sign-on will be seamless without any login prompt. If not, then the user will be prompted to type in a user name and password. In my case I was hosting this bot within an SP Online page and hence the MSAL login was seamless. The login card is provided internally by Azure AD and there is no need to build any card for that.

 

// Runs inside the enclosing handler once MSAL has returned `token`;
// activity, userID, userEmailAddress, next and action come from that scope.
directLine.postActivity({
    type: 'invoke',
    name: 'signin/tokenExchange',
    value: {
        id: activity.attachments[0].content.tokenExchangeResource.id,
        connectionName: activity.attachments[0].content.connectionName,
        token,
    },
    from: {
        id: userID,
        name: userEmailAddress,
        role: "user"
    }
}).subscribe(
    id => {
        if (id === 'retry') {
            // bot was not able to handle the invoke, so reload the page
            // (the alternative, left commented out, is to display the oauthCard)
            document.location.reload();
            //return next(action);
        }
        // else: token exchange successful and we do not display the oauthCard
    },
    error => {
        // an error occurred, so display the oauthCard
        return next(action);
    }
);

In this code the UserID used in the "from" parameter is the Azure AD user ID.

 

Hope this helps
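
Added example (not part of the post above and not Microsoft's sample code): a guarded version of the token-exchange step, which confirms that the activity really carries an OAuthCard sent by the bot and that its tokenExchangeResource.uri is one the page expects before a user token is sent. ALLOWED_RESOURCE_URIS, the function names and the sample values are assumptions made up for illustration; acquiring the token with MSAL is left to the caller.

```javascript
// Added example; all names and sample values here are hypothetical.
const OAUTH_CARD = 'application/vnd.microsoft.card.oauth';
// Assumption: application ID URIs this page is willing to exchange tokens for.
const ALLOWED_RESOURCE_URIS = new Set(['api://constructed-app-id-uri']);

// Return the OAuthCard content if the bot sent an exchangeable one, else null.
function findTokenExchangeCard(activity) {
  if (!activity || !activity.from || activity.from.role !== 'bot') return null;
  if (!Array.isArray(activity.attachments)) return null;
  const att = activity.attachments.find(a => a && a.contentType === OAUTH_CARD);
  const content = att && att.content;
  const res = content && content.tokenExchangeResource;
  if (!res || typeof res.id !== 'string' || typeof res.uri !== 'string') return null;
  if (typeof content.connectionName !== 'string') return null;
  return content;
}

// Build the invoke activity, or return null so the caller shows the card instead.
function buildTokenExchangeInvoke(activity, token, user) {
  const card = findTokenExchangeCard(activity);
  if (!card) return null;
  // Never send a token for a resource the page does not recognise.
  if (!ALLOWED_RESOURCE_URIS.has(card.tokenExchangeResource.uri)) return null;
  if (typeof token !== 'string' || token.length === 0) return null;
  if (!user || typeof user.id !== 'string') return null;
  return {
    type: 'invoke',
    name: 'signin/tokenExchange',
    value: {
      id: card.tokenExchangeResource.id,
      connectionName: card.connectionName,
      token,
    },
    from: { id: user.id, name: user.name, role: 'user' },
  };
}

// Constructed sample input, not captured traffic.
const sampleActivity = {
  from: { id: 'constructed-bot-id', role: 'bot' },
  attachments: [{
    contentType: OAUTH_CARD,
    content: {
      connectionName: 'constructed-connection',
      tokenExchangeResource: { id: 'constructed-exchange-id', uri: 'api://constructed-app-id-uri' },
    },
  }],
};
const sampleUser = { id: 'constructed-aad-object-id', name: 'user@example.com' };
```

A null result is the signal to fall back to displaying the OAuthCard rather than posting anything to Direct Line.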

nk1ng
Helper II

So on this tutorial:  https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso-teams

nk1ng_0-1632754222118.png

 

Where is the second client ID? I am just trying to set up SSO on Teams, not the web; do I still need the second client?

 

 

nk1ng
Helper II

Also I am not using ngrok/VB code, my bot is straight PowerVA. I am struggling with that, I don't have any "code" to modify? Does that make a difference?

aksridhar1
Advocate II

@nk1ng I understand that. Where are you hosting your bot - in Teams or in a web page? If it is an external web page then every time you open the page the bot will prompt you for login and password. If you want to avoid that then you will have to write custom code.

nk1ng
Helper II

Just in Teams, @aksridhar1. I don't need the web side of it; do I still need to write custom code for SSO?

Also trying to walk through YouTube videos on that but it's always using ngrok/VB and always using Multitenant.

nk1ng_1-1632759741771.png

 

Need to change that too?

 

nk1ng
Helper II

Basically, @aksridhar1, do I need to start over with a new VB/ngrok bot or is it possible to use SSO on Teams without custom code and just use my PowerVA bot?

aksridhar1
Advocate II

@nk1ng All the steps that are mentioned in this thread are for custom web pages and not Teams. For Teams it is out of the box. You do not need to do anything with Teams. Not even SSO configuration. Teams will prompt for the login once and it will be stored in the Teams cache until you clear the cache. Not sure what error you are getting when you try to deploy the bot to Teams. Can you share a screenshot?

 

nk1ng
Helper II

@aksridhar1, I broke my test bot trying to integrate SSO in Teams currently lol. However, basically I am just trying to get rid of that OTP altogether but I want to have the option for the bot to communicate on behalf of the user.

 

Here is the test bot on powerva (need to change something on that for Teams, when I published to Teams it quit listening):

nk1ng_0-1632832643266.png

 

 

 
