Setting Up the Teams Bridge

Configuring Teams Bridge

On the provider

Setting up the teams app

Sign in to Azure at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview to open Active Directory.

  • Go to the "Register an application" screen

  • Register an app

  • Supported account types can be what fits your needs, but do not select "Personal Microsoft accounts"

  • Redirect URI must be https://<teams_fqdn>/authenticate. You must use the type Desktop and Mobile apps. You don't need to check any of the suggested redirection URIs.

  • You should be taken to a general configuration page. Click Certificates & secrets

  • Generate a Client secret and copy the resulting value. The value will be your teams_client_secret.

  • You will need to set some API permissions

  • For each item in the list below, click Add permission > Microsoft Graph, then select the delegated permissions. Add the following permissions:

  • ChannelMessage.Read.All - Delegated

  • ChannelMessage.Send - Delegated

  • ChatMessage.Read - Delegated

  • ChatMessage.Send - Delegated

  • ChatMember.Read - Delegated

  • ChatMember.ReadWrite - Delegated

  • Group.ReadWrite.All - Delegated

  • offline_access - Delegated

  • profile - Delegated

  • Team.ReadBasic.All - Delegated

  • User.Read - Delegated

  • User.Read.All - Delegated

  • For each item in the list below, click Add permission > Microsoft Graph, then select the application permissions. Add the following permissions:

  • ChannelMember.Read.All - Application

  • ChannelMessage.Read.All - Application

  • Chat.Create - Application

  • Chat.Read.All - Application

  • Chat.ReadBasic.All - Application

  • Chat.ReadWrite.All - Application

  • ChatMember.Read.All - Application

  • ChatMember.ReadWrite.All - Application

  • ChatMessage.Read.All - Application

  • Group.Create - Application

  • Group.Read.All - Application

  • Group.ReadWrite.All - Application

  • GroupMember.Read.All - Application

  • GroupMember.ReadWrite.All - Application

  • User.Read.All - Application

  • Once you are done, click Grant admin consent

  • Go to Overview

  • Copy the "Application (client) ID" as your teams_client_id in the config

  • Copy the "Directory (tenant) ID" as the teams_tenant_id in the config.

Setting up the bot user

  • The bridge requires a Teams user to be registered as a "bot" to send messages on behalf of Matrix users. You just need to allocate one user from the Teams interface to do this.

  • First, you must go to the Azure Active Directory page.

  • Click Users.

  • Click New user.

  • Ensure "Create user" is selected.

  • Enter a User name, e.g. "matrixbridge".

  • Enter a Name, e.g. "Matrix Bridge".

  • Enter an Initial password.

  • Create the user.

  • Optionally, set more profile details like an avatar.

  • You will now need to log in as this new bot user to set a permanent password (Teams requires you to reset the password on login).

  • After logging in you should be prompted to set a new password.

  • Enter the bot username and password into config under teams_bot_username and teams_bot_password

Getting the groupId

The groupId can be found by opening Teams, clicking ... on a team, and clicking "Get link to team". The groupId is included in the URL.

On the hosting machine

Generate teams registration keys

openssl genrsa -out teams.key 1024
openssl req -new -x509 -key teams.key -out teams.pem -days 365

Configure Teams Bridge

  • Copy the sample file from config-sample/teams/ to the teams sub-directory within your config folder
  • Edit the files to match the values from the provider. Parameters are as follows:
    • teams_client_id: # teams app client id
    • teams_client_secret: # teams app secret
    • teams_tenant_id: # teams app tenant id
    • teams_bot_username: # teams bot username
    • teams_bot_password: # teams bot password
    • teams_cert_file: teams.crt
    • teams_cert_private: teams.key
    • teams_fqdn:
    • bot_display_name: Teams Bridge Bot
    • bot_sender_localpart: teams-bot
    • enable_welcome_room: true
    • welcome_room_text: The text to display when the bridge joins a room.
    • namespaces_prefix_user: OPTIONAL. Defaults to teams
    • namespaces_prefix_aliases: OPTIONAL. Defaults to teams_
  • For each Bridged Group, you will need to set a group_id and some properties found in the config sample.
  • Run the installer to configure SAML provisioning
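
A pre-flight check for the finished configuration, as an added example (not part of the bridge or its documentation): it flags empty required parameters, a config or private key file that group/other can access, a teams_fqdn that is not a bare hostname, and certificate or key files that do not exist, and returns the redirect URI to compare with the Azure registration. It assumes a flat `key: value` layout, file paths relative to the config file, and a hypothetical config file name teams.yml; the function names are its own.

```python
import re, stat, tempfile
from pathlib import Path

REQUIRED = ("teams_client_id teams_client_secret teams_tenant_id teams_bot_username "
            "teams_bot_password teams_cert_file teams_cert_private teams_fqdn").split()
# Constructed sample, placeholder values; demo() mirrors the page (teams.pem on disk).
SAMPLE = """\
teams_client_id: 00000000-0000-0000-0000-000000000000 # teams app client id
teams_client_secret: PLACEHOLDER-SECRET # teams app secret
teams_tenant_id: # teams app tenant id
teams_bot_username: matrixbridge
teams_bot_password: PLACEHOLDER-PASSWORD
teams_cert_file: teams.crt
teams_cert_private: teams.key
teams_fqdn: https://teams.example.com/
"""

def parse_flat(text):  # assumed layout: one 'key: value  # comment' pair per line
    pairs = (re.sub(r"(^|\s)#.*$", "", ln).partition(":") for ln in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def too_open(path):
    return bool(stat.S_IMODE(path.stat().st_mode) & 0o077)  # any group/other bit set

def audit(config_path):
    """Return (findings, redirect URI to compare with Azure, or None)."""
    cfg = parse_flat(config_path.read_text())
    findings = [f"{k} is missing or empty" for k in REQUIRED if not cfg.get(k)]
    if too_open(config_path):
        findings.append("config (client secret, bot password) is group/other accessible")
    host = re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", cfg.get("teams_fqdn", ""))
    if cfg.get("teams_fqdn") and not host:
        findings.append("teams_fqdn must be a bare hostname, without scheme or path")
    for key in ("teams_cert_file", "teams_cert_private"):
        path = config_path.parent / cfg.get(key, "")  # assumed relative to the config
        if cfg.get(key) and not path.is_file():
            findings.append(f"{key}: {cfg[key]} does not exist")
        elif key == "teams_cert_private" and cfg.get(key) and too_open(path):
            findings.append("teams_cert_private is group/other accessible (chmod 600)")
    return findings, f"https://{host[0]}/authenticate" if host else None

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("teams.key", ""), ("teams.pem", ""), ("teams.yml", SAMPLE)):
            (Path(d) / name).write_text(body)
            (Path(d) / name).chmod(0o644)
        return audit(Path(d) / "teams.yml")  # hypothetical config file name

if __name__ == "__main__":
    print(demo())
```

On the constructed sample it reports the empty teams_tenant_id, the open file modes, the URL-style teams_fqdn, and that teams.crt is missing because the openssl command above writes teams.pem.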