Microsoft Teams: Integration Setup (Login with Microsoft)

The Teams Integration can be used for accessing your map, timeline or calendars as tabs in your Teams application - both online and desktop versions - and also as a Single Sign-on source for the YAROOMS platform.

Jump to:

1. Requirements

2. Application and permissions in Azure portal

3. Configure integration in YAROOMS

4. Add YAROOMS in Teams

5. SSO with Teams

6. User provisioning

           

1. Requirements

In order to use YAROOMS as a tab under your Microsoft Teams account, settings and configuration must be applied both in Azure Portal and YAROOMS. Until this is done properly, a message containing "Inactive Teams Integration" will be displayed in the Teams tab.

The technical steps below must be performed by a user with Admin privileges, both in Azure Portal and in the YAROOMS web app.

 


2. Application and Permissions in Azure Portal
In Azure Portal go to Manage Azure Active Directory → App Registrations and create a new Application (+New Registration button). Under Supported account types, please choose: Multitenant (see photo).

Screenshot 2022-02-22 at 17.07.52

After saving, store the Application (client) ID and Directory (tenant) ID for later use. 


In the new App’s edit screen, go to API Permissions, click on "+Add a permission" and then on Microsoft Graph.

Screenshot 2022-02-22 at 17.19.47-1 
There are 2 types of permissions: Delegated and Application.

⚠️ Careful to select the correct ones when following the below instructions.

The minimal permissions needed are:
  •  For Delegated Permissions:
    •  Everything under Openid permissions (email,offline_access,openid,profile)
  •  For Application Permissions:
    •  Directory.Read.All
    •  User.Read.All

 ⚠️ Make sure you "Grant admin consent" to those permissions!

See photo below:

add admin consent-1
 
Back on the App’s edit screen, go to Certificates and Secrets and create a New Client Secret. Store the string displayed in the Value column for later use (Careful! Secret Value, not Secret ID).

The value of the newly generated Secret will be available in the clear only during the session during which it was created. In future sessions it will be permanently obfuscated and unusable.

 
In the App’s edit screen, go to Authentication. Click on "+Add Platform" and select Single-page application.
Screenshot 2022-02-22 at 17.48.15
  •  Redirect URI: https://[domain].yarooms.com/account/login . The domain value is the unique URL used by your company.
  •  Under Implicit grant and hybrid flows: Check both boxes (Access tokens and ID Tokens)
  •  Under Advanced Settings, make sure you have the Allow public client flows set to YES.

    Screenshot 2022-02-22 at 17.53.43
          

3. Configure Integration in YAROOMS

In YAROOMS web app, navigate to Settings → Integrations → Login with Microsoft.
As shown in the photo below, fill out the fields with the correct information found in the above Chapter 2:
  • Directory (tenant) ID and Application (client) ID: you were instructed to store those values for later use. Copy-paste them in the appropriate fields.
  • Client Secret: also, you were instructed to store the Secret VALUE (not ID) when first creating it. Paste it in the Client Secret field.

    Screenshot 2024-05-01 at 10.44.59
Once the fields have been filled out with the correct values, make sure that "Integration Active" is set yo YES, then click on the Save button.    

4. Add YAROOMS in Teams

There are two ways of displaying Yarooms in Teams:
  1. Adding YAROOMS to your Teams left sidebar:
    ➡️ dedicated article

  2. Adding YAROOMS windows as individual tabs:
    Go to Teams and install the App package. When prompted for the URL, type one of the following:
  •  https://[domain].yarooms.com/workplace/map
  •  https://[domain].yarooms.com/workplace/timeline
    *replace [domain] with the with the specific personalized section of your company's Yarooms account URL.
    Screenshot 2023-10-22 at 23.57.26 
    ⚠️ A Teams tab can only display a single view, so, if a user needs to access more than one view at once, they can simply create another tab with a different URL.
     
       

    5. SSO with Teams
    When activated, a new login option will be available in your tenant's login page, allowing users to login to YAROOMS with their Teams identity, without having to enter their email and password.
    This does not require additional setup and configuration beyond the steps presented above.
             

    6. User Provisioning

    When activated this will allow users who don't have an account in YAROOMS to have it automatically created with the user details obtained from their Azure AD identity (email, first and last name) and with the Location and Group mapped to the configuration of choice.
    When deactivated, only users who already have an account in YAROOMS will be able to login with their Teams identity, by matching their email address from YAROOMS with the one they have in Azure AD.
    The Static option will create all new users in a single Location and Group.

    We don't recommend using the pre-defined Administrator or Supervisor groups for mapping, as all new users will have extended permissions within your tenant.

     
    The Dynamic option will create new users by matching the values from a Directory field to the names of the locations / groups in YAROOMS.
    The Directory field is either a pre-defined or a custom user attribute in Azure AD. This will not be passed as a claim through the relay app built for this integration, but rather accessed separately via Microsoft Graph by using the settings and permissions defined above.
    •  The Auto mapping type will match the value retrieved from the Directory field to the name of a Location/Group in YAROOMS - if an entity with that name does not exist then the user account will not be created.
    •  The Manual mapping type will allow pairing names of Locations / Groups to values that are supposed to be passed in the Directory field. 
    •  The values passed in the Directory field are case sensitive.
     
    Example of a "Dynamic - Manual" Group Mapping:

    tems mappinng-1
    • notice that the most commonly used value for the directory field is "memberOf".
    • from the bottom dropdown (-Add group to the list-), you can select which YAROOMS User group you would like to link to which group you have in Azure.
    • after adding them , you must specify each of the IDs OR the exact names of the Azure Groups.
    • if the Azure retrieved value is not paired to an existing group in YAROOMS, then the user account will be created in the Default group.