This repository has been archived by the owner on Jul 22, 2024. It is now read-only.

Update the Azure AD app registration

Benjamin Tsai edited this page Feb 6, 2023 · 2 revisions
  1. Go to the Azure portal.
  2. Select Azure Active Directory.
  3. In the left pane, select App registrations.
  4. Select the app registration for your bot.
  5. Under Manage, select Expose an API.
  6. Next to Application ID URI, select Set.


  7. Set the Application ID URI. The default value has the form api://{AppID}.
  8. Insert the WebAppDomain value between api:// and /{AppID}, so that the URI becomes api://{WebAppDomain}/{AppID}, for example api://2bb1****.ngrok.io/{AppID}.

  [Screenshot: the Application ID URI field showing the domain name]

NOTE If you're using a tunneling service such as ngrok, update this value whenever your ngrok subdomain changes, for example to api://f631****.ngrok.io/92c11075-c629-4a1e-ab58-02b4fd4204c2, where f631****.ngrok.io is the new ngrok subdomain. The redirect URI configured under Authentication (below) changes with the subdomain as well, so update it at the same time.

  9. Select Add a scope.

  10. In the pane that appears, enter access_as_user as the Scope name.
  11. Set Who can consent? to Admins and users.
  12. To configure the admin and user consent prompts for the access_as_user scope, fill in the fields as follows:
  • Admin consent display name: Teams can access the user's profile
  • Admin consent description: Allows Teams to call the app's web APIs as the current user
  • User consent display name: Teams can access the user profile and make requests on the user's behalf
  • User consent description: Enable Teams to call this app's APIs with the same rights as the user
  13. Ensure that State is set to Enabled.
  14. Select Add scope to save.

NOTE The full scope name is the Application ID URI with /access_as_user appended, for example api://2bb1****.ngrok.io/00000000-0000-0000-0000-000000000000/access_as_user. This is the value the Teams client requests, and access_as_user is the scope your web API should require in the token's scp claim before serving a request.

  15. In the Authorized client applications section, identify the client applications you want to allow to call your app's web API. Pre-authorizing a client lets it obtain the access_as_user scope without a consent prompt, so add only the Teams client IDs listed here.
  16. Select Add a client application.
  17. Enter the Client ID 1fec8e78-bce4-4aaf-ab1b-5451cc387264 for the Teams mobile and desktop clients, select the access_as_user scope under Authorized scopes, and add it.
  18. Repeat with the Client ID 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 for the Teams web client.

  [Screenshot: the two authorized client IDs]
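The settings above (Application ID URI, the access_as_user scope, and the two pre-authorized Teams clients) are what the bot's web API has to check when a token arrives. The following is an added example, not code from this wiki or the bot sample, showing those claim checks in Python. It assumes the placeholder domain and app ID used on this page, a constructed tenant ID, and that the token's RS256 signature has already been verified against the tenant's JWKS by a JWT library; only the claim checks implied by the registration are shown here.

```python
# Added example (not from the wiki or the bot sample): check the claims of an
# access token presented to the bot's web API against the registration above.
# Signature verification is assumed to be done separately with the tenant JWKS.
import base64
import json
import time

# Assumed registration values: the domain and app ID are this page's
# placeholders, the tenant ID is constructed for the example.
WEB_APP_DOMAIN = "2bb1****.ngrok.io"
APP_ID = "00000000-0000-0000-0000-000000000000"
TENANT_ID = "11111111-1111-1111-1111-111111111111"
APPLICATION_ID_URI = f"api://{WEB_APP_DOMAIN}/{APP_ID}"
REQUIRED_SCOPE = "access_as_user"

# The two pre-authorized Teams clients from the steps above.
AUTHORIZED_CLIENTS = {
    "1fec8e78-bce4-4aaf-ab1b-5451cc387264",  # Teams desktop and mobile
    "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",  # Teams web
}

# Issuer values for v1.0 and v2.0 tokens from this tenant.
VALID_ISSUERS = {
    f"https://sts.windows.net/{TENANT_ID}/",
    f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWS without verifying it.

    Only use the result after the signature has been verified; the claims of
    an unverified token prove nothing.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def validate_claims(payload: dict, now: float = None) -> list:
    """Return a list of problems; an empty list means the token fits the registration."""
    now = time.time() if now is None else now
    problems = []

    # aud: v1.0 tokens carry the Application ID URI, v2.0 tokens carry the app ID.
    if payload.get("aud") not in (APPLICATION_ID_URI, APP_ID):
        problems.append(f"aud {payload.get('aud')!r} is not this API")

    if payload.get("iss") not in VALID_ISSUERS:
        problems.append(f"iss {payload.get('iss')!r} is not this tenant")

    # scp is a space-separated list of delegated scopes; access_as_user must be present.
    scopes = set(payload.get("scp", "").split())
    if REQUIRED_SCOPE not in scopes:
        problems.append(f"scp {sorted(scopes)} lacks {REQUIRED_SCOPE}")

    # appid (v1.0) / azp (v2.0) is the client that obtained the token; it should
    # be one of the Teams clients pre-authorized for the scope.
    client = payload.get("azp") or payload.get("appid")
    if client not in AUTHORIZED_CLIENTS:
        problems.append(f"client {client!r} is not a pre-authorized Teams client")

    if payload.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems


def constructed_token(payload: dict) -> str:
    """Build a compact JWS with a dummy signature, for offline testing only.

    Azure AD signs real tokens with RS256; this helper just lets the example
    run without a tenant and must never be used to mint tokens a service trusts.
    """
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        "constructed-signature",
    ])


# Constructed sample payloads: one that matches the registration, one that fails three checks.
NOW = 1_700_000_000
GOOD_PAYLOAD = {
    "aud": APPLICATION_ID_URI,
    "iss": f"https://sts.windows.net/{TENANT_ID}/",
    "scp": "access_as_user",
    "appid": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
    "exp": NOW + 3600,
}
BAD_PAYLOAD = {
    "aud": APP_ID,
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "scp": "User.Read",                              # wrong scope
    "azp": "99999999-9999-9999-9999-999999999999",   # constructed, not a Teams client
    "exp": NOW - 1000,                               # already expired
}

if __name__ == "__main__":
    print(validate_claims(decode_jwt_payload(constructed_token(GOOD_PAYLOAD)), NOW))
    print(validate_claims(decode_jwt_payload(constructed_token(BAD_PAYLOAD)), NOW))
```

The audience check accepts both the Application ID URI and the bare app ID because the Teams client can receive either a v1.0 or a v2.0 access token depending on the registration's accepted token version; the scope and client checks are the ones that tie the token to the Expose an API configuration above.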

  19. In the left pane, select API permissions.

NOTE Users need to consent to these permissions only if the Azure AD app is registered in a different tenant.

  20. Select Add a permission.
  21. Select Microsoft Graph.
  22. Select Delegated permissions.
  23. Add the following permissions:
  • email
  • offline_access
  • openid
  • profile
  • User.Read
  24. Select Add permissions.

  25. In the left pane, select Authentication to set a redirect URI.

NOTE If an app isn't granted IT admin consent, users must provide consent the first time they use the app.

  26. Select Add a platform.
  27. Select Web.
  28. Enter the redirect URI for your app by appending /auth-end to its fully qualified domain name: https://2bb1****.ngrok.io/auth-end. The value must match the redirect URI the app sends in its authorization request exactly, including scheme and host.
  29. Under Implicit grant and hybrid flows, select the following checkboxes:
  • Access tokens (used for implicit flows)
  • ID tokens (used for implicit and hybrid flows)
  Both settings allow the authorization endpoint to return tokens in the URL fragment of the redirect to /auth-end; leave them enabled only while the app actually uses that flow.
  30. Select Configure.
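Every step on this page maps onto a field of the Microsoft Graph `application` resource, so the whole registration can be re-applied from a script (for example after the ngrok subdomain changes) instead of clicked through again. The following is an added example, not code from this wiki or the bot sample: it builds the PATCH body for /v1.0/applications/{objectId} that corresponds to the steps above. The function names, the constructed domain and the scope GUID are this example's own; the Graph permission IDs are the well-known IDs for the five delegated permissions listed above and should be confirmed against the Graph service principal in your tenant.

```python
# Added example (not from the wiki or the bot sample): the Microsoft Graph
# `application` PATCH body equivalent to the portal steps on this page.
import json
import re
import uuid

MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
TEAMS_CLIENTS = [
    "1fec8e78-bce4-4aaf-ab1b-5451cc387264",  # Teams desktop and mobile
    "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",  # Teams web
]
# Well-known IDs of the Microsoft Graph delegated permissions listed above.
# Confirm them in your tenant before relying on them:
#   az ad sp show --id 00000003-0000-0000-c000-000000000000 --query oauth2PermissionScopes
GRAPH_DELEGATED_PERMISSIONS = {
    "email": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0",
    "offline_access": "7427e0e9-0fef-48b0-b89a-4f6f1a6ee7ff",
    "openid": "37f7f235-527c-4136-accd-4a02d197296e",
    "profile": "14dad69e-099b-42c9-810b-d002981feec1",
    "User.Read": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
}

# A bare hostname: no scheme, port or path, so the Application ID URI stays well-formed.
_HOSTNAME = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$", re.I
)


def application_id_uri(domain: str, app_id: str) -> str:
    """Return api://{WebAppDomain}/{AppID}, rejecting anything that is not a hostname."""
    if not _HOSTNAME.match(domain):
        raise ValueError(f"WebAppDomain must be a bare hostname, got {domain!r}")
    return f"api://{domain}/{app_id}"


def build_app_update(domain: str, app_id: str, scope_id: str = None) -> dict:
    """Return the PATCH body for /v1.0/applications/{objectId} matching the steps above."""
    uri = application_id_uri(domain, app_id)
    scope_id = scope_id or str(uuid.uuid4())  # the access_as_user scope needs its own GUID
    return {
        "identifierUris": [uri],
        "api": {
            "oauth2PermissionScopes": [{
                "id": scope_id,
                "value": "access_as_user",
                "type": "User",  # "Admins and users" can consent
                "isEnabled": True,
                "adminConsentDisplayName": "Teams can access the user's profile",
                "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user",
                "userConsentDisplayName": "Teams can access the user profile and make requests on the user's behalf",
                "userConsentDescription": "Enable Teams to call this app's APIs with the same rights as the user",
            }],
            # Pre-authorized clients can request access_as_user without a consent prompt,
            # so this list is exactly the two Teams clients and nothing else.
            "preAuthorizedApplications": [
                {"appId": client, "delegatedPermissionIds": [scope_id]} for client in TEAMS_CLIENTS
            ],
        },
        "requiredResourceAccess": [{
            "resourceAppId": MICROSOFT_GRAPH_APP_ID,
            "resourceAccess": [{"id": pid, "type": "Scope"} for pid in GRAPH_DELEGATED_PERMISSIONS.values()],
        }],
        "web": {
            "redirectUris": [f"https://{domain}/auth-end"],
            "implicitGrantSettings": {
                "enableAccessTokenIssuance": True,
                "enableIdTokenIssuance": True,
            },
        },
    }


def full_scope_name(body: dict) -> str:
    """The scope as the Teams client requests it: Application ID URI + /access_as_user."""
    return f"{body['identifierUris'][0]}/{body['api']['oauth2PermissionScopes'][0]['value']}"


if __name__ == "__main__":
    # Constructed domain; the app ID is the one used in the NOTE on this page.
    body = build_app_update("contoso-bot.example.com", "92c11075-c629-4a1e-ab58-02b4fd4204c2")
    print(json.dumps(body, indent=2))
    print(full_scope_name(body))
```

To apply the body, save it to a file and run `az rest --method PATCH --url https://graph.microsoft.com/v1.0/applications/<objectId> --body @body.json`, where `<objectId>` is the registration's Object ID, not its Application (client) ID; PATCH replaces the whole `api`, `requiredResourceAccess` and `web` objects, so include any other scopes, permissions or redirect URIs the registration already has.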
