Deployment guide - OfficeDev/microsoft-teams-apps-groupactivities GitHub Wiki

Prerequisites

To begin, you will need:

  • App Service

  • App Service plan

  • Bot Channels Registration

  • Azure Storage account

  • Application Insights

Step 1: Register Azure AD application:

Register one Azure AD applications in your tenant's directory

  1. Log in to the Azure Portal for your subscription, and go to the "App registrations" blade here .

  2. Click on "New registration", and create an Azure AD application.

    • Name: The name of your Teams app - if you are following the template for a default deployment, we recommend "Group Activities Bot".
    • Supported account types: Select "Accounts in any organizational directory (Any Azure AD directory - Multitenant)"
    • For Redirect URI

  1. Click on the "Register" button.
  2. When the app is registered, you'll be taken to the app's "Overview" page. Copy the Application (client) ID; we will need it later. Verify that the "Supported account types" is set to Multiple organizations.

  1. On the side rail in the Manage section, navigate to the "Certificates & secrets" section. In the Client secrets section, click on "+ New client secret". Add a description (Name of the secret) for the secret and select an expiry time (As per the requirement). Click "Add".

  1. Once the client secret is created, copy its Value; we will need it later. At this point you have 3 values:

    • Application (client) ID for the bot
    • Client secret for the bot
    • Directory (tenant) ID

We recommend that you copy these values into a text file, using an application like Notepad. We will need these values later.

  1. In the navigation pane, click API permissions to open the API permissions panel. It is a best practice to explicitly set the API permissions for the app.

    • Click Add a permission to show the Request API permissions pane.
    • Select Microsoft Graph : Choose Delegated permissions and select below permission
      • Group.ReadWrite.All
      • Group.Read.All
      • User.Read
    • Click Add permissions button.

  2. Once added, please click on Grant admin consent for [your organization name]. Please note that it requires tenant admin consent (tenant admin can also provide consent for entire organization while the bot in Microsoft Teams is set up).

Step 2: Deploy to your Azure subscription

  1. Click on the "Deploy to Azure" button below.

Deploy to Azure

  1. When prompted, log in to your Azure subscription.

  2. Azure will create a "Custom deployment" based on the ARM template and ask you to fill in the template parameters.

  1. Select a subscription and resource group.

    • We recommend creating a new resource group.

    • The resource group location MUST be in a data center that supports: Application Insights; Storage Account. For an up-to-date list, click here, and select a region where these services are available.

  2. Enter a "Base Resource Name", which the template uses to generate names for the other resources.

    • The app service names [Base Resource Name] must be available(not taken); otherwise, the deployment will fail with a Conflict error.

    • Remember the base resource name that you selected. We will need it later.

  3. Fill in the various IDs in the template:

  4. Bot Client ID: The application (client) ID of the Microsoft Teams Bot app.

  5. Bot Client Secret: The client secret of the Microsoft Teams Bot app.

  6. Tenant Id: The tenant ID of Bot.

Make sure that the values are copied as-is, with no extra spaces. The template checks that GUIDs are exactly 36 characters.

  1. If you wish to change the app name, description, and icon from the defaults, modify the corresponding template parameters.

  2. Click on "Review+Create" to start the deployment.It will validate the parameters provided in the template .Once the validation is passed,click on create to start the deployment.

  1. Wait for the deployment to finish. You can check the progress of the deployment from the "Notifications" pane of the Azure Portal. It can take more than 20 minutes for the deployment to finish.

  2. After the deployment is successful, open the deployment details blade and click on "Outputs" option visible in the navigation menu on the left and note down the mentioned values below. We will need them later in the deployment process.

    • botId: This is the Microsoft Application ID for the Group Activities Bot. (We will refer to the value as %botId% in the following steps.)
    • appDomain: This is the base domain for the Group Activities Bot.. (We will refer to the value as %appDomain% in the following steps.)

Step 3: Set up authentication for bot

  1. Note the name of the bot that you deployed, which is [BaseResourceName].

  2. Go to azure portal here and search for your bot.

  3. Click on the bot in the application list. Under "Settings", click on "Add Setting".

  4. Fill in the form as follows:

    a. For Name, enter "GroupActivitiesAuth". You'll use it in your bot code.

    b. For Service Provider, select Azure Active Directory v2. Once you select this, the Azure AD-specific fields will be displayed.

    c. For Client id, enter the application (client) ID that you recorded earlier.

    d. For Client secret, enter the secret that you created to grant the bot access to the Azure Active Directory v2 app.

    e. For Tenant ID, enter the directory (tenant) ID that your recorded earlier for your Azure Active Directory v2 app. This will be the tenant associated with the users who can be authenticated.

    f. For Scopes, enter the names of the permissions you choose from application registration. Enter space separated values: Group.ReadWrite.All Group.Read.All User.Read

  5. Click Save.

Step 4: Create the Teams app packages

Create Teams app package: to install in teams chat.

  1. Open the Manifest\manifest.json file in a text editor.

  2. Change the placeholder fields in the manifest to values appropriate for your organization.

  3. Change the placeholder to your Azure Active Directory v2 application's ID from above. This is the same GUID that you entered in the template under "Bot Client ID".

  4. In the validDomains section, replace the with your Bot App Service's domain. This will be [BaseResourceName].azurewebsites.net. For example if you chose "GroupActivities" as the base name, change the placeholder to `GroupActivities.azurewebsites.net. in the valid domains for allowing the Azure Active Directory v2 sign-in prompt to open.

  1. Create a ZIP package with the manifest.json, color.png, and outline.png. The two image files are the icons for your app in Teams.

    • Name this package GroupActivities.zip.
    • Make sure that the 3 files are the top level of the ZIP package, with no nested folders.

Step 5: Run the apps in Microsoft Teams

  1. If your tenant has sideloading apps enabled, you can install your app by following the instructions here
  2. You can also upload it to your tenant's app catalog, so that it can be available for everyone in your tenant to install. See here
  3. Install the Group Activities bot (the GroupActivities.zip package) to your teams chat.

Troubleshooting

Please see our Troubleshooting page.

⚠️ **GitHub.com Fallback** ⚠️