Components of IdentityIQ's Microsoft Teams Notifications

Here is an overview of the components that make up the IdentityIQ Microsoft Teams Notifications feature. Several of these components are created as app registrations in Azure. Detailed instructions for creating and configuring each component are provided later in this document.

API Application – an Azure app registration that enables token-based authentication between Microsoft Teams and IdentityIQ by exposing a GetToken scope and defining the audience value that issued tokens must carry. This scope is assigned to the Teams application as a permission. When it is enabled, IdentityIQ checks that the API token the bot presents contains the GetToken scope and that the token's audience claim matches the API application. See Creating an API Application in Azure.
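The following is an added illustration of the two claim checks just described, written for this page rather than taken from SailPoint's IdentityIQ service code or from Azure. The helper names (checkApiTokenClaims, makeToken), the audience value api://example-api-app and the sample token payloads are all made up; only the claim names (aud, scp, exp) are the standard ones Azure AD issues. JWT signature verification is deliberately omitted, so a real validator must verify the signature against the tenant's published signing keys before trusting any of these claims.

```javascript
// Added illustration (not SailPoint/IdentityIQ code): the claim checks that the
// text describes for the bot's API token, namely that the token carries the
// GetToken scope and names the API application as its audience. Helper names,
// the api://example-api-app audience and the sample payloads are made up.
// Signature verification is deliberately omitted: a real validator must verify
// the JWT signature against the tenant's published signing keys before it
// trusts any claim below.

const b64url = (s) =>
  Buffer.from(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');

// Builds a constructed, unsigned test token (header.payload.dummy-signature)
// so the claim checks can be exercised offline.
function makeToken(payload) {
  const header = { alg: 'RS256', typ: 'JWT' };
  return `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}.sig`;
}

// Checks the claims of an already signature-verified token.
// expectedAudience is the value Azure puts in aud for the API application
// (its Application ID URI or client ID, depending on the token version).
// Returns { ok: true } or { ok: false, reason }.
function checkApiTokenClaims(token, expectedAudience, opts = {}) {
  const { requiredScope = 'GetToken', now = Math.floor(Date.now() / 1000) } = opts;
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a JWT' };
  let claims;
  try {
    claims = JSON.parse(fromB64url(parts[1]));
  } catch {
    return { ok: false, reason: 'payload is not JSON' };
  }
  // RFC 7519 allows aud to be a single string or an array of strings.
  const auds = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!auds.includes(expectedAudience)) return { ok: false, reason: 'audience mismatch' };
  // Azure AD delivers delegated scopes as a space-separated string in scp.
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ') : [];
  if (!scopes.includes(requiredScope)) return { ok: false, reason: `missing scope ${requiredScope}` };
  // Reject expired tokens (exp is seconds since the epoch).
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'token expired' };
  return { ok: true };
}

// Constructed samples: one token as Azure would mint it for the API app, one
// minted for a different audience (for example a token lifted from another
// service), and one carrying a different scope.
const API_AUDIENCE = 'api://example-api-app';
const samples = {
  valid: makeToken({ aud: API_AUDIENCE, scp: 'GetToken', exp: 2000000000 }),
  wrongAudience: makeToken({ aud: 'api://some-other-app', scp: 'GetToken', exp: 2000000000 }),
  wrongScope: makeToken({ aud: API_AUDIENCE, scp: 'User.Read', exp: 2000000000 }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, checkApiTokenClaims(token, API_AUDIENCE, { now: 1700000000 }));
}
```

The audience check is what stops a token that Azure legitimately issued for some other application from being replayed against IdentityIQ, and the scope check is what ties the token to the GetToken permission granted to the Teams application; neither check means anything unless the signature has been verified first.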

Teams Application – an Azure app registration that defines the scope in Azure used by the IdentityIQ Microsoft Teams Notifications feature. In this app you configure authentication parameters, create a client secret, and choose which Microsoft Graph API permissions to request. Some values from this app are entered in IdentityIQ to secure communication between IdentityIQ and Azure. See Creating a Microsoft Teams Application for IdentityIQ in Azure.

Azure Bot for Microsoft Teams – an Azure bot, built on Microsoft's Azure AI Bot Service (chatbot platform), that relays messages between Microsoft Teams and IdentityIQ. The bot registration also stores the configuration needed to reach the IdentityIQ service code. See Creating an Azure Bot for IdentityIQ's Microsoft Teams Notifications.

IdentityIQ service code – code provided by SailPoint and installed in your environment. The service code package includes an environment (.env) file that must be populated with the resource information it needs, such as the Azure Teams app ID, the Azure Teams app secret, and the Azure tenant ID. Once the .env file is configured, you build a manifest, which is used to deploy the app into users' Teams environment. Because the .env file holds the app secret, protect it like any other credential file and keep it out of source control. See Installing and Configuring the IdentityIQ Service Code.

SSO Provider (optional) – an Azure app registration that enables SAML-based single sign-on between Microsoft Teams and IdentityIQ. Implementing this option streamlines login for Microsoft Teams users by allowing them to bypass the IdentityIQ login page when they click IdentityIQ links in Microsoft Teams. See Configuring Single Sign-On to IdentityIQ from Microsoft Teams.