Integrate MS Teams

Deploy the MS Teams integration to schedule Teams Meetings, create a team from scratch or based on an existing team, add a new channel to an existing team, send a message to a specific channel and receive a notification for newly created channels.

Note:

This integration template is in Preview and marked as Preview in the list of available templates that are shown in the product when adding a new integration. While in Preview, there is no commitment to support, and support is provided by the developer on a best-effort basis. Preview integration templates are shared for the purpose of testing and validation. We do not advise deploying them in production environments. For more information, see Maintenance statement for Microapps integration templates.

We want your feedback! Please provide feedback for this preview integration template as you use it. For any issues, our team will also monitor our dedicated forums on a daily basis.

For comprehensive details of the out-of-the-box microapp for MS Teams, see Use MS Teams microapps.

Review prerequisites

These prerequisites assume that the administrator is part of the organization's MS Teams integration setup. This MS Teams admin account must have full read privileges for user information. After you set up this integration with MS Teams, you will need these artifacts to add the integration in Citrix Workspace Microapps:

  • BASE URL: https://graph.microsoft.com/
  • AUTHORIZATION URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
  • TOKEN URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
  • CLIENT ID: The client ID is the string representing client registration information unique to the authorization server.
  • SECRET: The client secret is a unique string issued when setting up the target application integration.

Note:

It is recommended that you always use OAuth 2.0 as your service authentication method where available. OAuth 2.0 ensures that your integration meets the maximum security compliance with your configured microapp.

Configure Citrix Gateway to support single sign-on for MS Teams so that once users log in they are automatically logged in again without having to enter their credentials a second time. For more information about configuring SSO, see Citrix Gateway Service.

The integration requires regular access to your MS Teams instance, so we recommend creating a dedicated user account. You can view the permission/privileges at https://docs.microsoft.com/en-us/graph/permissions-reference. This account must have the following permissions:

  • Permissions required for Service Account: Full administrator privileges

The number of API requests that can be made to specific resources is limited. We therefore recommend the following:

Create a new service account

Sign in here: https://account.microsoft.com/.

Configure OAuth server

Configure the OAuth server to read data through the MS Teams integration.

  1. Log in with your service account to: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps.
  2. Select New registration.
  3. For Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
  4. Complete the required fields and enter the following authorized redirect URLs for this integration in the Redirect URL field:

    https://{yourmicroappserverurl}/admin/api/gwsc/auth/serverContext

  5. Select Register.
  6. Copy and save the Application (client) ID and Directory (tenant) ID shown on the screen. You use these details for Service Authentication while configuring the integration.
  7. Select View Permissions under Call APIs. Select Add a permission and choose the Microsoft Graph tile.
  8. Select the Delegated permissions tile and add the scopes listed below:

    Group.Read.All User.Read.All GroupMember.Read.All Channel.ReadBasic.All

  9. Select Grant admin consent for Citrix Systems, and select Yes.
  10. Select Certificates & secrets from the left panel, and select New client secret. Choose never for expiration validity, and select Add.
  11. Copy and save the Value from the client secrets.

Configure OAuth client

Configure the OAuth client to write back data through the MS Teams integration.

  1. Log in with your service account to: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps.
  2. Select New registration.
  3. For Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
  4. Complete the required fields and enter the following authorized redirect URLs for this integration in the Redirect URL field:

    https://{yourmicroappserverurl}/app/api/auth/serviceAction/callback

  5. Select Register.
  6. Copy and save the Application (client) ID and Directory (tenant) ID shown on the screen. You use these details for Service Action Authentication while configuring the integration.
  7. Select View Permissions under Call APIs. Select Add a permission and choose the Microsoft Graph tile.
  8. Select the Delegated permissions tile and add the scopes listed below:

    Channel.Create Group.ReadWrite.All ChannelMessage.Send Calendars.ReadWrite

  9. Select Grant admin consent for Citrix Systems, and select Yes.
  10. Select Certificates & secrets from the left panel, and select New client secret. Choose never for expiration validity, and select Add.
  11. Copy and save the Value from the client secrets.
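
Because the integration requests the .default scope, a token issued to either registration carries every delegated permission consented on it. The following added example (not Citrix or Microsoft code) decodes a token's scp claim for inspection and compares it with the scopes this page lists for the read and the write-back registration; the ignored OpenID Connect scopes and the sample token are assumptions constructed for the demonstration.

```python
import base64
import json

# Delegated scopes this page lists for each app registration.
READ_APP_SCOPES = {"Group.Read.All", "User.Read.All",
                   "GroupMember.Read.All", "Channel.ReadBasic.All"}
WRITE_APP_SCOPES = {"Channel.Create", "Group.ReadWrite.All",
                    "ChannelMessage.Send", "Calendars.ReadWrite"}
# Assumption: standard OpenID Connect scopes are not reported as findings.
IGNORED = {"openid", "profile", "email", "offline_access"}


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_scopes(token, expected):
    """Compare the delegated scopes in the 'scp' claim with the expected set."""
    granted = set(jwt_claims(token).get("scp", "").split()) - IGNORED
    return {"excess": sorted(granted - expected),
            "missing": sorted(expected - granted)}


def make_sample_token(scopes):
    """Constructed, unsigned sample token used only for this demonstration."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}),
                     b64({"scp": " ".join(scopes)}), "sig"])


if __name__ == "__main__":
    # Constructed case: the read registration has picked up a write scope.
    drifted = make_sample_token(sorted(READ_APP_SCOPES) + ["Group.ReadWrite.All"])
    print(audit_scopes(drifted, READ_APP_SCOPES))
```

An empty excess list for both registrations confirms that the read and write-back permissions are still separated as configured above.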

Add the integration to Citrix Workspace Microapps

Add the MS Teams integration to Citrix Workspace Microapps to connect to your application. The authentication options are preselected. Ensure that these options are selected as you complete the process. This delivers out-of-the-box microapps with pre-configured notifications and actions which are ready to use within your Workspace.

Follow these steps:

  1. From the Microapp Integrations page, select Add New Integration, and Add a new integration from Citrix-provided templates.
  2. Choose the MS Teams tile.
  3. Enter an Integration name for the integration.
  4. Enter Connector parameters.
    • Enter the instance Base URL: https://graph.microsoft.com/
    • Select an Icon for the integration from the Icon Library, or leave this as the default icon.
  5. Under Service authentication, select OAuth 2.0 from the Authentication method menu and complete the authentication details. The authentication options are preselected. Ensure that these options are selected as you complete the process. Use the OAuth 2.0 security protocol to generate request/authorization tokens for delegated access. It is recommended that you always use OAuth 2.0 as your service authentication method where available. OAuth 2.0 ensures that your integration meets the maximum security compliance with your configured microapp.

    1. Select Authorization code from the Grant type menu. This grants a temporary code that the client exchanges for an access token. The code is obtained from the authorization server where you can see the information the client is requesting. Only this grant type enables secure user impersonation. This displays the Callback URL, which you use when registering your application.
    2. Select Request body from the Token authorization menu.
    3. The Authorization URL is prefilled: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
    4. The Token URL is prefilled: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
    5. Ensure the following is entered for Scope: .default offline_access
    6. Enter your Client ID. The client ID is the string representing client registration information unique to the authorization server. You collect this and the secret when you configure the OAuth server. You need to add the Callback URL you see on the integration configuration page.
    7. Enter your Client secret. The client secret is a unique string issued when setting up the target application integration.
  6. Under Service Action Authentication, enable the Use Separate User Authentication in Actions toggle. Service action authentication authenticates at the service action level. The authentication options are preselected. Ensure that these options are selected as you complete the process.

    1. Select OAuth 2.0 from the Authentication method menu and complete the authentication details.
    2. Select Request body from the Token authorization menu.
    3. The Authorization URL is prefilled: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
    4. The Token URL is prefilled: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
    5. Ensure the following is entered for Scope: .default offline_access
    6. Enter your Client ID. The client ID is the string representing client registration information unique to the authorization server. You collect this and the secret when you configure the OAuth client. You need to add the Callback URL you see on the integration configuration page.
    7. Enter your Client secret. The client secret is a unique string issued when setting up the target application integration.
  7. Enable the Enable request rate limiting toggle. Enter 60 for Number of requests and 1 second for Time interval.

  8. (Optional) Enable the Logging toggle to keep 24 hours of logging for support purposes.
  9. Select Save to proceed.
  10. Under OAuth Authorization, select Authorize to log in with your service account. A pop-up appears with a Microsoft login screen.
    1. Enter your Service Account username and password and select Sign in.
    2. Select Accept.
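
The authorization code grant configured in the Service authentication and Service Action Authentication steps above, sketched as an added example (not the Microapps platform's own code). It assumes that the Request body option means the client ID and secret travel in the token POST body; the host name, tenant, client values and code are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN = "https://login.microsoftonline.com"
SCOPE = ".default offline_access"  # scope value given on this page


def authorization_request(tenant, client_id, redirect_uri):
    """Step 1: build the authorize URL and a one-time state value."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "scope": SCOPE,
                       "state": state})
    return f"{LOGIN}/{tenant}/oauth2/v2.0/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Step 2: accept the code only when the callback matches our request."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not tied to this request")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def token_request(tenant, client_id, client_secret, redirect_uri, code):
    """Step 3: token POST with the client credentials in the request body."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": client_id,
                      "client_secret": client_secret})
    return f"{LOGIN}/{tenant}/oauth2/v2.0/token", body


if __name__ == "__main__":
    # Constructed values; the redirect path is the one this page lists.
    redirect = "https://microapps.example.test/admin/api/gwsc/auth/serverContext"
    url, state = authorization_request("TENANT_ID", "CLIENT_ID", redirect)
    code = code_from_callback(f"{redirect}?code=SAMPLE_CODE&state={state}", state)
    endpoint, _body = token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET", redirect, code)
    print(url, endpoint, sep="\n")
```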

Note:

  • It is recommended to set the Full Synchronization interval as Daily to regularly refresh data from MS Graph to the Microapps platform and receive timely notifications for any newly created channels.
  • As the currently available 40 time zones are hardcoded in the Create Meeting microapp, addition of any other time zone would require the admin to add them manually.
  • When a user creates a channel using Add Channel or Create Team microapp, the newly created channel is hidden by default in MS Teams.
  • We have currently hardcoded the template list in Create Team microapp. To add any other template type, the admin must add them manually.

The Microapp Integrations page opens with your added integration and its microapps. From here, you can add another integration, continue setting up your out-of-the-box Microapps, or create a new microapp for this integration.

You are now ready to set and run your first data synchronization. As a large quantity of data can be pulled from your integrated application to the Microapps platform, we recommend you use the Table page to filter entities for your first data synchronization to speed up synchronization. For more information, see Verify needed entities. For complete information about synchronization rules, synchronization that does not meet its schedule and veto rules, see Synchronize data.

For more details of API endpoints and table entities, see MS Teams connector specifications.

Use MS Teams microapps

Existing application integrations come with out-of-the-box microapps. Start with these microapps and customize them for your needs.

Add Channel: Add a new channel to an existing team.

Notification or Page | Use-case workflows
Add Channel page | Provides a form for adding a channel to an existing team with the following details: Team (Teams drop-down), channel name and description.

Create Meeting: Schedule an MS Teams meeting as per user preference.

Notification or Page | Use-case workflows
Create Meeting page | Provides a form to schedule a meeting with the following details according to user preference: Meeting Title, Start Date/Time, End Date/Time, TimeZone, Recurrence (once, daily, weekly, monthly), Description and Attendees for the meeting.

Create Team: Create a team from scratch or based on an existing team as per user preference. Additionally, whenever a Channel is created for any team, the team owner will receive a notification.

Notification or Page | Use-case workflows
New channel has been added notification | When a new channel is added to a team, the team owner receives the notification.
Channel Details page | Provides a read-only view of a newly created channel with Channel Details and Channel Members.
Create Team/Channel page | Provides two buttons: From Scratch, which navigates to the Create Team from Scratch page, and From Existing Team, which navigates to the Create Team from Group page.
Create Team from Scratch page | Provides a form to create a team from scratch with the following details: Team Name, Team Description, Type of the team (Private / Public), Template (drop-down with different Template options), Channel Name, Channel description, Add to favorite check box, Tab Name, Content URL, Member Settings and Discovery Settings.
Create Team from Group page | Provides a form to create a team from an existing team with the following details: Team (Team drop-down), Team Name, Type of the Team (Private / Public), Team Description and Parts to include from the original team.

Send Message: Send a message to a specific channel in any team.

Notification or Page | Use-case workflows
Send Message to a Channel page | Provides a form to send a message to a channel of an existing team with the following details: Team (Teams drop-down), Channel (Channel drop-down), and Message.