Skip to main content

Setting Up the Teams Bridge

Configuring Teams Bridge

Register with Microsoft Azure

You will first need to generate an "Application" to serve connect your Teams bridge with Microsoft.

  • Connect to Azure on https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview to go to the Active Directory.
  • Go to "Register an application screen" and register an application.
  • Supported account types can be what fits your needs, but do not select "Personal Microsoft accounts"
  • Redirect URI must be https://<teams_fqdn>/authenticate. You must use the type Desktop and Mobile apps. You don't need to check any of suggested redirection URIs.
  • You should be taken to a general configuration page. Click Certificates & secrets
  • Generate a Client Secret and copy the resulting value. The value will be your teams_client_secret.

Permissions

You will need to set some API permissions.

For each of the list below click Add permission > Microsoft Graph > and then set the Delegated permissions.

  • ChannelMessage.Read.All - Delegated
  • ChannelMessage.Send - Delegated
  • ChatMessage.Read - Delegated
  • ChatMessage.Send - Delegated
  • ChatMember.Read - Delegated
  • ChatMember.ReadWrite - Delegated
  • Group.ReadWrite.All - Delegated
  • offline_access - Delegated
  • profile - Delegated
  • Team.ReadBasic.All - Delegated
  • User.Read - Delegated
  • User.Read.All - Delegated

For each of the list below click Add permission > Microsoft Graph > and then set the Application permissions:

  • ChannelMember.Read.All - Application
  • ChannelMessage.Read.All - Application
  • Chat.Create - Application
  • Chat.Read.All - Application
  • Chat.ReadBasic.All - Application
  • Chat.ReadWrite.All - Application
  • ChatMember.Read.All - Application
  • ChatMember.ReadWrite.All - Application
  • ChatMessage.Read.All - Application
  • Group.Create - Application
  • Group.Read.All - Application
  • Group.ReadWrite.All - Application
  • GroupMember.Read.All - Application
  • GroupMember.ReadWrite.All - Application
  • User.Read.All - Application

Once you are done, click Grant admin consent

  • Go to Overview

  • Copy the "Application (client) ID" as your teams_client_id in the config

  • Copy the "Directory (tenant) ID" as the teams_tenant_id in the config.

Setting up the bot user

The bridge requires a Teams user to be registered as a "bot" to send messages on behalf of Matrix users. You just need to allocate one user from the Teams interface to do this.

  • First, you must go to the Azure Active Directory page.
  • Click users.
  • Click New user.
  • Ensure Create user is selected.
  • Enter a User name ex. "matrixbridge".
  • Enter a Name ex. "Matrix Bridge".
  • Enter an Initial password.
  • Create the user.
  • Optionally, set more profile details like an avatar.
  • You will now need to log in as this new bot user to set a permanent - password (Teams requires you to reset the password on login).
  • After logging in you should be prompted to set a new password.
  • Enter the bot username and password into config under teams_bot_username and teams_bot_password

Getting the groupId

The groupId can be found by opening Teams, clicking ... on a team, and clicking "Get link to team". The groupId is included in the URL.

On the hosting machine

Generate teams registration keys

openssl genrsa -out teams.key 1024
openssl req -new -x509 -key teams.key -out teams.pem -days 365

Configure Teams Bridge

  • Copy the sample file from config-sample/teams/ to the teams sub-directory within your config folder
  • Edit the files accordingly to the provider. Parameters are as follows:
    • teams_client_id: # teams app client id
    • teams_client_secret: # teams app secret
    • teams_tenant_id: # teams app tenant id
    • teams_bot_username: # teams bot username
    • teams_bot_password: # teams bot password
    • teams_cert_file: teams.crt
    • teams_cert_private: teams.key
    • teams_fqdn:
    • bot_display_name: Teams Bridge Bot
    • bot_sender_localpart: teams-bot
    • enable_welcome_room: true
    • welcome_room_text: The text to display when the bridge joins a room.
    • namespaces_prefix_user: OPTIONAL. default to teams
    • namespaces_prefix_aliases: OPTIONAL. default to teams_
  • For each Bridged Group, you will need to set a group_id and some properties found in the config sample.
  • Run the installer to configure SAML provisioning
Back to top