Setting Up the Teams Bridge
Configuring Teams Bridge
Register with Microsoft Azure
You will first need to generate an "Application" to connect your Teams bridge with Microsoft.
- Connect to Azure on https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview to go to the Active Directory.
- Go to the "Register an application" screen and register an application.
- Supported account types can be what fits your needs, but do not select "Personal Microsoft accounts"
- Redirect URI must be https://<teams_fqdn>/authenticate. You must use the type Desktop and Mobile apps. You don't need to check any of the suggested redirection URIs.
- You should be taken to a general configuration page. Click Certificates & secrets.
- Generate a Client Secret and copy the resulting value. The value will be your teams_client_secret.
Permissions
You will need to set some API permissions.
For each permission in the list below, click Add permission > Microsoft Graph and then set the Delegated permissions:
- ChannelMessage.Read.All - Delegated
- ChannelMessage.Send - Delegated
- ChatMessage.Read - Delegated
- ChatMessage.Send - Delegated
- ChatMember.Read - Delegated
- ChatMember.ReadWrite - Delegated
- Group.ReadWrite.All - Delegated
- offline_access - Delegated
- profile - Delegated
- Team.ReadBasic.All - Delegated
- User.Read - Delegated
- User.Read.All - Delegated
For each permission in the list below, click Add permission > Microsoft Graph and then set the Application permissions:
- ChannelMember.Read.All - Application
- ChannelMessage.Read.All - Application
- Chat.Create - Application
- Chat.Read.All - Application
- Chat.ReadBasic.All - Application
- Chat.ReadWrite.All - Application
- ChatMember.Read.All - Application
- ChatMember.ReadWrite.All - Application
- ChatMessage.Read.All - Application
- Group.Create - Application
- Group.Read.All - Application
- Group.ReadWrite.All - Application
- GroupMember.Read.All - Application
- GroupMember.ReadWrite.All - Application
- User.Read.All - Application
Once you are done, click Grant admin consent.
- Go to Overview.
- Copy the "Application (client) ID" as your teams_client_id in the config.
- Copy the "Directory (tenant) ID" as the teams_tenant_id in the config.
Setting up the bot user
The bridge requires a Teams user to be registered as a "bot" to send messages on behalf of Matrix users. You just need to allocate one user from the Teams interface to do this.
- First, you must go to the Azure Active Directory page.
- Click users.
- Click New user.
- Ensure Create user is selected.
- Enter a User name ex. "matrixbridge".
- Enter a Name ex. "Matrix Bridge".
- Enter an Initial password.
- Create the user.
- Optionally, set more profile details like an avatar.
- You will now need to log in as this new bot user to set a permanent password (Teams requires you to reset the password on login).
- After logging in you should be prompted to set a new password.
- Enter the bot username and password into config under teams_bot_username and teams_bot_password.
Getting the groupId
The groupId can be found by opening Teams, clicking ... on a team, and clicking "Get link to team". The groupId is included in the URL (218b0bfe-05d3-4a63-8323-846d189f1dc1 in this example):
https://teams.microsoft.com/l/team/19%3airo0gaiGh5tho_6RN6SB_UMqXW5r1myichuPh4azqq01%40thread.tacv2/conversations?groupId=218b0bfe-05d3-4a63-8323-846d189f1dc1&tenantId=ook0Bu2j-4b54-4af6-947b-7iesha3iTc7f
On the hosting machine
Generate teams registration keys
openssl genrsa -out teams.key 1024
openssl req -new -x509 -key teams.key -out teams.pem -days 365
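An added check (not part of the original page or the bridge's own tooling) that audits the key pair generated above before it is referenced from the config: key size, key/certificate match, remaining validity and key file permissions. The thresholds MIN_BITS and WARN_DAYS and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the bridge key pair before wiring it into the config.
# MIN_BITS and WARN_DAYS are thresholds assumed for this example.
MIN_BITS=2048
WARN_DAYS=30

# RSA modulus size in bits (0 if the file is not a readable RSA key).
key_bits() {
    hex=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | sed 's/^Modulus=//')
    echo $(( ${#hex} * 4 ))
}

# True when the certificate carries the public half of this private key.
pair_matches() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when group and other have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line; return 0 only when there are none.
audit_pair() {
    key=$1; cert=$2; rc=0
    bits=$(key_bits "$key")
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK_KEY: $key is $bits-bit RSA (minimum $MIN_BITS)"; rc=1
    fi
    if ! pair_matches "$key" "$cert"; then
        echo "MISMATCH: $cert was not issued for $key"; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING: $cert expires within $WARN_DAYS days or is unreadable"; rc=1
    fi
    if ! key_is_private "$key"; then
        echo "LOOSE_PERMS: $key is accessible to group or other"; rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh audit.sh teams.key teams.pem
if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
fi
```

Run against the files produced by the two commands above, it reports WEAK_KEY: 1024-bit RSA is below the 2048-bit minimum in current NIST guidance, and this page does not say whether the bridge accepts a larger key. The command above writes teams.pem while the sample config further down names teams.crt, so pass whichever file teams_cert_file actually points to.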
Configure Teams Bridge
- Copy the sample file from config-sample/teams/ to the teams sub-directory within your config folder.
- Edit the files according to the provider. Parameters are as follows:
teams_client_id: # teams app client id
teams_client_secret: # teams app secret
teams_tenant_id: # teams app tenant id
teams_bot_username: # teams bot username
teams_bot_password: # teams bot password
teams_cert_file: teams.crt
teams_cert_private: teams.key
teams_fqdn: <teams bridge fqdn>
teams_bridged_groups:
  - group_id: 218b0bfe-05d3-4a63-8323-846d189f1dc1 #change me
    properties:
      autoCreateRooms:
        public: true
        powerLevelContent:
          users:
            "@alice:example.com": 100 # This will add <alice> account as admin
            "@teams-bridge:example.com": 100 # the Teams bot mxid <teams_bot_username>:<domain_name>
      autoCreateSpace: true
      limits:
        maxChannels: null
        maxTeamsUsers: 25
# repeat -group_id: section above for each Team you want to bridge
bot_display_name: Teams Bridge Bot
bot_sender_localpart: teams-bot
enable_welcome_room: true
# The text to display when the bridge joins a room.
welcome_room_text: |
  Welcome, your Element host is configured to bridge to a Teams instance. This means that Microsoft Teams messages will appear on your Element account and you can send messages in Element rooms to have them appear on teams.
  To allow Element to access your Teams account, please say `login` and follow the steps to get connected.
  Once you are connected, you can open the 🧠 Explore Rooms dialog to find your Teams rooms.
# namespaces_prefix_user: OPTIONAL: default to teams_teams_
# namespaces_prefix_aliases: OPTIONAL: default to teams_
- For each Bridged Group, you will need to set a group_id and some properties found in the config sample.
Run the installer to configure SAML provisioning