architecture - OfficeDev/microsoft-teams-apps-request-a-guest GitHub Wiki

The Request-a-guest app is built on the Power Platform. It uses services such as PowerApps and Logic Apps, together with connectors such as SharePoint Lists, Office 365 Users and MS Graph.

The solution consists of the following components:

PowerApp

The PowerApp consists of 3 pages.

  • New Request - this allows users to enter the details of the guest that they wish to add
  • My Requests - this page shows the user the status of their submitted requests along with a historical list of all their previous requests
  • Approve Requests - this page is only visible to members of the Guest Approvers group created during setup. Members of this group can approve or reject requests.

The PowerApp has connections to Office 365 Groups, Office 365 Users, Microsoft Teams and SharePoint Online.

SharePoint Site & SharePoint List

A SharePoint site is used to host a SharePoint list which contains the request details. The service account used during setup of the app is added as an Owner of the SharePoint site.

Teams and Teams Channel

A Microsoft Team is required for the members of the Guest Approvers group. A Teams channel is used to post adaptive cards for the approvers to approve or reject a request.

Azure Resource Group

An Azure Resource Group is created to host the various Azure components.

Logic App - DomainCheck

The DomainCheck logic app is used to verify that domains appear on the Allow List (if in use) or do not appear on the Block List (if in use). In order to run the query the Logic App invokes an Azure Runbook, detailed below.

Logic App - RequestaGuest

The RequestaGuest Logic App is used to verify that the guest request has been approved and uses MS Graph to invite the guest.

Logic App - Teams Approval

The Teams Approval Logic App is used to monitor the SharePoint list and post adaptive cards to the Teams channel for the approvers to respond to requests. The Logic App is also used to notify the requestor that their request has been approved or declined.

KeyVault

An Azure KeyVault is created to store the app registration details used to connect to MS Graph and invite the guest user.

Azure Runbook - RequestaGuest

The Azure runbook is invoked by the DomainCheck Logic App and is used to query Azure AD for the domain Allow List and the domain Block List.
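
The allow/block decision described for the DomainCheck Logic App and the RequestaGuest runbook, as an added Python example that is not the project's own code. The function names, the sample list, exact (non-subdomain) matching and treating an empty list as "not in use" are assumptions.

```python
from typing import Iterable, Optional, Tuple

# Constructed sample list, not taken from the project.
SAMPLE_ALLOW = ["contoso.com", "Fabrikam.com"]


def normalize(domain: str) -> str:
    """Lower-case, drop a trailing dot, and convert to IDNA (punycode) form."""
    return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")


def guest_domain(email: str) -> Optional[str]:
    """Return the normalized domain of an address, or None if it is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or "@" in local or "." not in domain:
        return None
    try:
        return normalize(domain)
    except UnicodeError:  # empty or over-long label, or IDNA nameprep failure
        return None


def check_domain(email: str,
                 allow_list: Iterable[str] = (),
                 block_list: Iterable[str] = ()) -> Tuple[bool, str]:
    """Return (allowed, reason). An empty list means that list is not in use."""
    domain = guest_domain(email)
    if domain is None:
        return False, "malformed address"  # fail closed
    # Assumption: entries match the whole domain only, so subdomains
    # must be listed separately.
    allow = {normalize(d) for d in allow_list}
    block = {normalize(d) for d in block_list}
    if domain in block:
        return False, f"{domain} is on the Block List"
    if allow and domain not in allow:
        return False, f"{domain} is not on the Allow List"
    return True, f"{domain} passed the domain check"


if __name__ == "__main__":
    for address in ("alice@CONTOSO.com", "bob@mail.contoso.com", "no-at-sign"):
        print(address, "->", check_domain(address, allow_list=SAMPLE_ALLOW))
```

Normalizing both the address and the list entries before comparing keeps case differences, trailing dots and internationalized domains from producing a mismatch in either direction.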

Service Account

A service account is used to write the entries to the SharePoint list. It is also used as a recipient of the emails sent by the Logic Apps to record submissions and approvals/rejections. This service account is created manually by an administrator prior to deploying the app.

App Registration

An App Registration is used to connect to MS Graph and issue the invites.
