Creating an Azure Bot for IdentityIQ's Microsoft Teams Notifications

Next you will create an Azure Bot (an Azure Bot Service resource) that relays messages between Microsoft Teams and IdentityIQ. The bot resource also holds the configuration that ties the two together: the messaging endpoint at which the IdentityIQ service code receives messages, and the OAuth connection setting used for SSO.

Details on how to configure Azure components are provided in this guide as an aid to implementers; however, implementers should also consult Microsoft's documentation on Azure and Microsoft Teams to ensure that they have the most accurate and up-to-date information on these platforms. This guide discusses only the actions in Azure that are required as part of IdentityIQ's Microsoft Teams Notifications feature; it does not cover more general Azure concepts or actions that may be part of setting up Microsoft Teams and SSO for your organization.

  1. From your Azure home, use the search field to search for Azure Bot.

  2. Choose the result that appears in the Marketplace category, to open the Create an Azure Bot page.

  3. Enter a Bot handle. This is the name of your bot, which your users will see in the Microsoft Teams application.

  4. Select your resource group for the bot.

  5. Choose your pricing plan.

  6. For Type of app, choose the Multitenant option.

  7. For Creation type, choose Use existing app registration. This is how you link the bot to your Microsoft Teams application. Enter these values from the Teams application you created, as described in Creating a Microsoft Teams Application for IdentityIQ in Azure.

    • App ID

    • App tenant ID

    • App secret

  8. Click Review + Create to create the bot and link it to your Microsoft Teams application. On the review screen, click Create to confirm the bot creation.

  9. When the deployment process is complete, configure the bot:

    1. Click Go to Resource.

    2. In the left navigation, click Configuration.

    3. Enter a Messaging endpoint. This is the HTTPS URL that the Microsoft Teams application (via the Bot Framework service) calls to deliver messages to the bot, so its host must be a public, DNS-resolvable domain name reachable from the internet; the IdentityIQ service code must listen at the path you enter here.

      For security purposes, SailPoint recommends using a path that incorporates the Microsoft App ID with the dashes removed, which makes the endpoint hard to guess. This does not replace the bot's own check of the bearer token that the Bot Framework sends with every inbound request; it only reduces unsolicited traffic to the endpoint. For example:

      https://identityiqteams.mycompany.com:3978/appidwithnodashes/api/messages

    4. Click Apply.

    5. Click Add OAuth Connection Settings. This connection manages the tokens used for SSO authentication. You will use some values from the Microsoft Teams application you created; see Creating a Microsoft Teams Application for IdentityIQ in Azure for details on where to find those values.

      1. Enter a Name for the new connection setting. Do not include spaces in the name.

      2. For Service provider, select Azure Active Directory v2.

      3. Enter the Client ID and Client secret from your Microsoft Teams application.

      4. For Token Exchange URL, enter the Application ID URI from your Microsoft Teams application. This is the URI that begins with api://botid- followed by the App ID.

      5. Enter your Tenant ID.

      6. For Scope, enter the scope you created for your API application. To find this value, navigate to your API application, click Expose an API, and copy the full scope from the Scopes field there, to enter here. See Creating an API Application in Azure.

      7. Click Save.

  10. Click Apply to save all your changes.
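The steps above are portal clicks, which are hard to repeat consistently across environments. The following script is an added example and is not SailPoint's or Microsoft's code; it derives the recommended messaging endpoint and Token Exchange URL from the App ID and then runs the same bot creation, endpoint, Teams channel and OAuth connection steps with the Azure CLI `az bot` command group. The host name `identityiqteams.mycompany.com`, the connection name `IdentityIQSSO`, and the `APP_SECRET` environment variable are assumptions, and the `Aadv2` service name and the `tenantId`/`tokenExchangeUrl` parameter keys for the connection setting are assumed to match what `az bot authsetting list-providers` reports; confirm them before use.

```shell
#!/bin/sh
# Added example, not SailPoint's or Microsoft's code.
# Builds the Azure Bot endpoint values from the App ID and (optionally)
# provisions the bot with the Azure CLI. Run with "provision" to apply.

# Return 0 if $1 is a GUID-shaped App ID, 1 otherwise.
is_guid() {
  printf '%s' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Remove the dashes from the App ID, as the endpoint path recommendation requires.
strip_dashes() {
  printf '%s' "$1" | tr -d '-'
}

# Build https://<host>:<port>/<appid-without-dashes>/api/messages.
# A malformed App ID is rejected so a typo cannot silently produce a
# mis-named endpoint that the IdentityIQ service never listens on.
build_messaging_endpoint() {
  host="$1"; port="$2"; app_id="$3"
  is_guid "$app_id" || { echo "invalid App ID: $app_id" >&2; return 1; }
  printf 'https://%s:%s/%s/api/messages\n' "$host" "$port" "$(strip_dashes "$app_id")"
}

# Build the Token Exchange URL (Application ID URI) for Teams SSO: api://botid-<App ID>.
build_token_exchange_url() {
  printf 'api://botid-%s\n' "$1"
}

# Create the bot with an existing multitenant app registration, set the
# endpoint, enable the Teams channel and add the Azure AD v2 OAuth
# connection. Assumes `az login` has been done and the app secret is in
# $APP_SECRET (kept out of the argument list so it does not land in shell
# history or process listings). Service name and parameter keys are assumed.
provision_bot() {
  rg="$1"; bot="$2"; app_id="$3"; tenant="$4"; host="$5"; scope="$6"
  endpoint="$(build_messaging_endpoint "$host" 3978 "$app_id")" || return 1
  az bot create --resource-group "$rg" --name "$bot" --appid "$app_id" \
    --app-type MultiTenant --sku F0 --endpoint "$endpoint"
  az bot msteams create --resource-group "$rg" --name "$bot"
  az bot authsetting create --resource-group "$rg" --name "$bot" \
    --setting-name IdentityIQSSO --client-id "$app_id" \
    --client-secret "$APP_SECRET" --service Aadv2 \
    --provider-scope-string "$scope" \
    --parameters tenantId="$tenant" \
                 tokenExchangeUrl="$(build_token_exchange_url "$app_id")"
}

# Usage (assumed host name shown):
#   APP_SECRET=... ./bot.sh provision <resource-group> <bot-handle> <app-id> \
#       <tenant-id> identityiqteams.mycompany.com "<scope from Expose an API>"
if [ "${1:-}" = "provision" ]; then
  shift
  provision_bot "$@"
fi
```

Without the `provision` argument the script only defines the helpers, so you can source it and call `build_messaging_endpoint` to check what the endpoint will be before touching Azure. The scope argument is the full scope string copied from the API application's Expose an API page, exactly as in step 9.5.6 above.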