Skip to main content

Setting Up the Teams Bridge

Configuring Teams Bridge


Register thewith provider


Setting up the teams appAzure

You will first need to generate an "Application" to serve connect your Teams bridge with Microsoft.

  • Connect to Azure on to go to the Active Directory.

    • Go

      to "Register an application screen"

      and register an application.
    • Register an app

    • Supported account types can be what fits your needs, but do not select "Personal Microsoft accounts"

    • Redirect URI must be https://<teams_fqdn>/authenticate. You must use the type Desktop and Mobile apps. You don't need to check any of suggested redirection URIs.

    • You should be taken to a general configuration page. Click Certificates & secrets

    • Generate a Client secretSecret and copy the resulting value. The value will be your teams_client_secret.


    You will need to set some API permissionspermissions.

  • For each of the list below click Add permission > Microsoft Graph > and then the delegated permissions. Addset the followingDelegated permissions :.

    • ChannelMessage.Read.All - Delegated

    • ChannelMessage.Send - Delegated

    • ChatMessage.Read - Delegated

    • ChatMessage.Send - Delegated

    • ChatMember.Read - Delegated

    • ChatMember.ReadWrite - Delegated

    • Group.ReadWrite.All - Delegated

    • offline_access - Delegated

    • profile - Delegated

    • Team.ReadBasic.All - Delegated

    • User.Read - Delegated

    • User.Read.All - Delegated

    For each of the list below click Add permission > Microsoft Graph > and then the application permissions. Addset the followingApplication permissions :

    • ChannelMember.Read.All - Application

    • ChannelMessage.Read.All - Application

    • Chat.Create - Application

    • Chat.Read.All - Application

    • Chat.ReadBasic.All - Application

    • Chat.ReadWrite.All - Application

    • ChatMember.Read.All - Application

    • ChatMember.ReadWrite.All - Application

    • ChatMessage.Read.All - Application

    • Group.Create - Application

    • Group.Read.All - Application

    • Group.ReadWrite.All - Application

    • GroupMember.Read.All - Application

    • GroupMember.ReadWrite.All - Application

    • User.Read.All - Application

    Once you are done, click Grant admin consent

    • Go to Overview

    • Copy the "Application (client) ID" as your teams_client_id in the config

    • Copy the "Directory (tenant) ID" as the teams_tenant_id in the config.

    Setting up the bot user

    • The bridge requires a Teams user to be registered as a "bot" to send messages on behalf of Matrix users. You just need to allocate one user from the Teams interface to do this.

      • First, you must go to the Azure Active Directory page.

      • Click users.

      • Click New user.

      • Ensure "Create user"user is selected.

      • Enter a User name ex. "matrixbridge".

      • Enter a Name ex. "Matrix Bridge".

      • Enter an Initial password.

      • Create the user.

      • Optionally, set more profile details like an avatar.

      • You will now need to log in as this new bot user to set a permanent - password (Teams requires you to reset the password on login).

      • After logging in you should be prompted to set a new password.

      • Enter the bot username and password into config under teams_bot_username and teams_bot_password

      Getting the groupId

      The groupId can be found by opening Teams, clicking ... on a team, and clicking "Get link to team". The groupId is included in the URL.

      On the hosting machine

      Generate teams registration keys

      openssl genrsa -out teams.key 1024
      openssl req -new -x509 -key teams.key -out teams.pem -days 365

      Configure Teams Bridge

      • Copy the sample file from config-sample/teams/ to the teams sub-directory within your config folder
      • Edit the files accordingly to the provider. Parameters are as follows:
        • teams_client_id: # teams app client id
        • teams_client_secret: # teams app secret
        • teams_tenant_id: # teams app tenant id
        • teams_bot_username: # teams bot username
        • teams_bot_password: # teams bot password
        • teams_cert_file: teams.crt
        • teams_cert_private: teams.key
        • teams_fqdn:
        • bot_display_name: Teams Bridge Bot
        • bot_sender_localpart: teams-bot
        • enable_welcome_room: true
        • welcome_room_text: The text to display when the bridge joins a room.
        • namespaces_prefix_user: OPTIONAL. default to teams
        • namespaces_prefix_aliases: OPTIONAL. default to teams_
      • For each Bridged Group, you will need to set a group_id and some properties found in the config sample.
      • Run the installer to configure SAML provisioning