Setting Up the Teams Bridge

Configuring Teams Bridge

Register with Microsoft Azure

You will first need to generate an "Application" to connect your Teams bridge with Microsoft.

    Connect to Azure at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview to go to the Active Directory.
    Go to the "Register an application" screen and register an application.
    Supported account types can be whatever fits your needs, but do not select "Personal Microsoft accounts".
    Redirect URI must be https://<teams_fqdn>/authenticate. You must use the type Desktop and Mobile apps. You don't need to check any of the suggested redirection URIs.
    You should be taken to a general configuration page. Click Certificates & secrets.
    Generate a Client Secret and copy the resulting value. The value will be your teams_client_secret.

    Permissions

    You will need to set some API permissions.

    For each permission in the list below, click Add permission > Microsoft Graph, then select Delegated permissions:

      ChannelMessage.Read.All - Delegated
      ChannelMessage.Send - Delegated
      ChatMessage.Read - Delegated
      ChatMessage.Send - Delegated
      ChatMember.Read - Delegated
      ChatMember.ReadWrite - Delegated
      Group.ReadWrite.All - Delegated
      offline_access - Delegated
      profile - Delegated
      Team.ReadBasic.All - Delegated
      User.Read - Delegated
      User.Read.All - Delegated

      For each permission in the list below, click Add permission > Microsoft Graph, then select Application permissions:

        ChannelMember.Read.All - Application
        ChannelMessage.Read.All - Application
        Chat.Create - Application
        Chat.Read.All - Application
        Chat.ReadBasic.All - Application
        Chat.ReadWrite.All - Application
        ChatMember.Read.All - Application
        ChatMember.ReadWrite.All - Application
        ChatMessage.Read.All - Application
        Group.Create - Application
        Group.Read.All - Application
        Group.ReadWrite.All - Application
        GroupMember.Read.All - Application
        GroupMember.ReadWrite.All - Application
        User.Read.All - Application

        Once you are done, click Grant admin consent

          Go to Overview

          Copy the "Application (client) ID" as your teams_client_id in the config

          Copy the "Directory (tenant) ID" as the teams_tenant_id in the config.

          Setting up the bot user

          The bridge requires a Teams user to be registered as a "bot" to send messages on behalf of Matrix users. You just need to allocate one user from the Teams interface to do this.

            First, you must go to the Azure Active Directory page.
            Click users.
            Click New user.
            Ensure Create user is selected.
            Enter a User name, e.g. "matrixbridge".
            Enter a Name, e.g. "Matrix Bridge".
            Enter an Initial password.
            Create the user.
            Optionally, set more profile details like an avatar.
            You will now need to log in as this new bot user to set a permanent password (Teams requires you to reset the password on login).
            After logging in you should be prompted to set a new password.
            Enter the bot username and password into config under teams_bot_username and teams_bot_password.

            Getting the groupId

            The groupId can be found by opening Teams, clicking ... on a team, and clicking "Get link to team". The groupId is included in the URL; it is 12345678-abcd-efgh-ijkl-lmnopqrstuvw in this example.

            https://teams.microsoft.com/l/team/19%3XXX%40thread.tacv2/conversations?groupId=12345678-abcd-efgh-ijkl-lmnopqrstuvw&tenantId=87654321-dcba-hgfe-lkji-zyxwvutsrqpo
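As an added example (not part of the original documentation), this Python function pulls the groupId and tenantId out of a "Get link to team" URL, rejects values that are not GUIDs, and checks the link's tenant against the configured teams_tenant_id. The function name, the host and path checks and the sample link are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def parse_team_link(link, teams_tenant_id=None):
    """Return (group_id, tenant_id) from a Teams "Get link to team" URL.

    Raises ValueError when the link is not a team link, when an ID is missing,
    repeated or not a GUID, or when the link's tenant differs from
    teams_tenant_id (the value configured for the bridge).
    """
    parts = urlsplit(link.strip())
    # Assumption: links come from the host shown on this page.
    if parts.scheme != "https" or parts.hostname != "teams.microsoft.com":
        raise ValueError("not an https://teams.microsoft.com link")
    if not parts.path.startswith("/l/team/"):
        raise ValueError("not a 'Get link to team' URL")
    query = parse_qs(parts.query)
    ids = {}
    for name in ("groupId", "tenantId"):
        values = query.get(name, [])
        if len(values) != 1 or not GUID_RE.fullmatch(values[0]):
            raise ValueError(f"{name} is missing, repeated or not a GUID")
        ids[name] = values[0].lower()
    if teams_tenant_id and ids["tenantId"] != teams_tenant_id.strip().lower():
        raise ValueError("link is for a different tenant than teams_tenant_id")
    return ids["groupId"], ids["tenantId"]

# Constructed link in the page's format; the tenant GUID is made up and the
# groupId reuses the sample group_id from the config on this page.
SAMPLE_LINK = ("https://teams.microsoft.com/l/team/19%3Aconstructed%40thread.tacv2/"
               "conversations?groupId=218b0bfe-05d3-4a63-8323-846d189f1dc1"
               "&tenantId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")

if __name__ == "__main__":
    print(parse_team_link(SAMPLE_LINK, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"))
```

The placeholder URL shown above is rejected by this check because its IDs are not hexadecimal GUIDs.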
            

            On the hosting machine

            Generate teams registration keys

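            # Generate a 1024-bit RSA private key
            openssl genrsa -out teams.key 1024
            # Issue a self-signed X.509 certificate for that key, valid for 365 days (prompts for the subject fields)
            openssl req -new -x509 -key teams.key -out teams.crt -days 365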
            

            These keys need to be placed in ~/.element-enterprise-server/config/legacy/certs/teams on the machine that you are running the installer on.

            Configure Teams Bridge

            From the Installer's Integrations page, click "Install" under "Microsoft Teams Bridge"

            For the provided teams.yml, please see the following documentation of the parameters:

            teams_client_id: # teams app client id
            teams_client_secret: # teams app secret
            teams_tenant_id: # teams app tenant id
            teams_bot_username: # teams bot username
            teams_bot_password: # teams bot password
            teams_cert_file: teams.crt
            teams_cert_private: teams.key
            teams_fqdn: <teams bridge fqdn>
            teams_bridged_groups:
            - group_id: 218b0bfe-05d3-4a63-8323-846d189f1dc1 #change me
              properties:
                autoCreateRooms:
                  public: true
                  powerLevelContent:
                    users:
                      "@alice:example.com": 100 # This will add <alice> account as admin
                      "@teams-bot:example.com": 100 # the Teams bot mxid <bot_sender_localpart>:<domain_name>
                autoCreateSpace: true
                limits:
                  maxChannels: 25
                  maxTeamsUsers: 25
            # repeat "- group_id:" section above for each Team you want to bridge
            
                 
            bot_display_name: Teams Bridge Bot
            bot_sender_localpart: teams-bot
            enable_welcome_room: true
            welcome_room_text: |
             Welcome, your Element host is configured to bridge to a Teams instance.
            
             This means that Microsoft Teams messages will appear on your Element
             account and you can send messages in Element rooms to have them appear
             on teams.
            
             To allow Element to access your Teams account, please say `login` and
             follow the steps to get connected. Once you are connected, you can open
             the 🧭 Explore Rooms dialog to find your Teams rooms.
            # namespaces_prefix_user: OPTIONAL: default to _teams_
            # namespaces_prefix_aliases: OPTIONAL: default to teams_
            
            
              For each Bridged Group, you will need to set a group_id and some properties found in the config sample.

              You will need to re-run the installer for changes to take effect.
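An added pre-install check, not part of the installer or the original documentation: it takes the teams.yml content as an already parsed mapping and reports leftover placeholders, non-GUID IDs, duplicate group_id entries and a bot mxid that does not match bot_sender_localpart. lint_teams_config and the sample values are hypothetical; treating the bot's power-level entry as required is an assumption drawn from the sample's comment.

```python
import re

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
REQUIRED = ("teams_client_id teams_client_secret teams_tenant_id teams_bot_username "
            "teams_bot_password teams_cert_file teams_cert_private teams_fqdn").split()

def lint_teams_config(cfg):
    """Return a list of problems found in a teams.yml mapping (already parsed)."""
    problems = []
    for key in REQUIRED:
        value = str(cfg.get(key) or "").strip()
        if not value or value.startswith("<"):
            problems.append(f"{key}: empty or still a placeholder")
        elif key in ("teams_client_id", "teams_tenant_id") and not GUID_RE.fullmatch(value):
            problems.append(f"{key}: not a GUID")
    # Assumption from the sample's comment: the bot is @<bot_sender_localpart>:<domain>.
    bot_prefix = "@" + str(cfg.get("bot_sender_localpart") or "") + ":"
    seen = set()
    for i, group in enumerate(cfg.get("teams_bridged_groups") or []):
        where = f"teams_bridged_groups[{i}]"
        gid = str(group.get("group_id") or "").lower()
        if not GUID_RE.fullmatch(gid):
            problems.append(f"{where}: group_id is not a GUID")
        elif gid in seen:
            problems.append(f"{where}: group_id listed twice")
        seen.add(gid)
        rooms = (group.get("properties") or {}).get("autoCreateRooms") or {}
        users = (rooms.get("powerLevelContent") or {}).get("users") or {}
        if not any(mxid.startswith(bot_prefix) for mxid in users):
            problems.append(f"{where}: bot mxid missing from powerLevelContent.users")
    return problems

# Constructed sample: placeholder FQDN left in; bot localpart renamed, mxid entry not.
SAMPLE = {
    "teams_client_id": "11111111-2222-3333-4444-555555555555",
    "teams_tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "teams_client_secret": "constructed-secret", "teams_bot_username": "matrixbridge",
    "teams_bot_password": "constructed-password", "teams_fqdn": "<teams bridge fqdn>",
    "teams_cert_file": "teams.crt", "teams_cert_private": "teams.key",
    "bot_sender_localpart": "msteams-bot",
    "teams_bridged_groups": [{
        "group_id": "218b0bfe-05d3-4a63-8323-846d189f1dc1",
        "properties": {"autoCreateRooms": {"powerLevelContent": {
            "users": {"@alice:example.com": 100, "@teams-bot:example.com": 100}}}},
    }],
}

if __name__ == "__main__":
    print("\n".join(lint_teams_config(SAMPLE)))
```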