Sites and domains
When configuring various settings for your Microsoft Teams integration it is important to understand the difference between Totara sites and domains. Sites can be installed in a sub-folder on a domain. For example, a domain with Totara Learn installed could have the following:
- Domain: www.totarasite.com
The domain shows which domain the site is located on, but to access the Totara Learn instance itself you need to use the site name. For certain settings, such as API scope, you need to use the domain name (www.totarasite.com/) rather than the Learn site name.
Set up process
Step 1: Prepare Office 365
- Log in to your Microsoft account at https://admin.teams.microsoft.com/.
- Navigate to Teams App > Manage Apps and select Org-wide App settings.
- Check the Allow third-party apps setting and save.
Step 2: Create an application in Azure
- Log in to Microsoft Azure at https://portal.azure.com/.
- Navigate to App registrations either by searching 'app registrations' from the search bar, or by navigating to More services > All services. If you have recently accessed App registrations it will be available on the dashboard.
- Click New Registration.
Enter the Name for your app and select Accounts in any organizational directory (Any Azure AD directory - Multitenant) in Supported account types.
In Azure there are three choices for Supported account types supported with Totara:
- Accounts in any organizational directory (Any Azure AD directory - Multitenant): This is the recommended choice for this integration
- Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox): Users can also log in using their personal accounts
- Personal Microsoft accounts only: Users can only log in using their personal account (e.g. @hotmail.co.uk)
Please note that the options including personal Microsoft accounts any personal accounts must be external users of your Azure AD tenant. For more information please refer to Microsoft's documentation.
- Click Register to create the app.
- Make a note of the Application (client) ID as this will be required when configuring Totara integration settings later.
- Complete all fields on the Branding page:
- Name: The name of your app, which you should have set in step 2
- Logo: You can use the same logo when configuring MS Teams within Totara
- Home page URL: This should be the URL of your Totara website
- Terms of service URL: This should be the same URL you use when configuring MS Teams within Totara
- Privacy statement URL: This should be the same URL you use when configuring MS Teams within Totara
- Save your changes.
Step 2a: Setting up Microsoft Single Sign-On (optional)
For additional information please see Microsoft's documentation.
- In the Authentication blade click Add Platform then select Web.
- Enter https://[your.totara.site]/admin/oauth2callback.php for the Redirect URI and https://[your.totara.site]/totara/msteams/sso_logout.php for the Logout URL, then Save. If you use a different folder than 'admin', use that one instead.
- Add one more Redirect URI: https://[your.totara.site]/totara/msteams/oidc_login.php then Save.
- In the Expose an API blade click Add Scope and enter api://[your.totara.domain]/[Application (client) ID], then select Save. This will be used in the Totara integration settings, but is only necessary if you require Single Sign-On.
- Enter the following scope properties:
- Scope name: 'access_as_user'
- Who can consent: Admin and user
- Admin consent display name: 'Teams can access the user's profile'
- Admin consent description: 'Allows Teams to call the app's web APIs as the current user.'
- User consent display name: 'Teams can access your user profile and make requests on your behalf'
- User consent description: 'Enable Teams to call this app's APIs with the same rights that you have.'
- State: Enabled
- Click Add a client application.
- Add Teams desktop/native client: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 and Add Teams web client: 5e3ce6c0-2b1f-4285-8d4b-75ee78787346.
- In the API permissions blade click Add permission and select the following permissions under Microsoft Graph > Delegated permissions:
- User > User.Read
- Save your selection and click and confirm Grant admin consent for [tenant name].
- In Certificates & Secrets blade click New client secret.
- Give it a Name, choose the Expiration period and Save.
- Make a note of the Client Secret value, as this will be required later in the process.
Step 3: Create a Bot in Azure (optional)
The bot framework setup is required in order to enable the messaging extension and notifications. The bot framework within Microsoft Teams allows for authentication to support these two features. However, these are optional features - if you do not wish to enable the messaging extension and notifications then creating a bot in Azure is not required.
Notifications for MS Teams also need to be enabled in the message outputs.
- Log in to Microsoft Azure at https://portal.azure.com/.
- Navigate to Applied AI services > Bot services.
- Click Create, then scroll down and click Load more, then select Azure Bot.
- Click Create and complete the form with the following details:
- Bot Handle: Any unique handle of your choice
- Subscription: Select your existing subscription
- Resource group: Select an existing group or create a new one
- Location: For new resource groups select the location of your choice (choose somewhere close to your server)
- Pricing tier: Click change plan and select the F0 (free) tier
- Microsoft App ID:
- For Type of App select Multi Tenant
- For Creation Type select Create new Microsoft App ID
- Click Review and Create, then Create, then Go to resource
- You can optionally personalise the icon and name for the bot under Settings > Bot Profile > Icon & Display Name.
- Under Settings > Configuration enter:
- Messaging endpoint: then click Apply.
- Under Settings > Channels click Microsoft Teams under Available Channels. Agree to the Terms of Service. Select the appropriate Messaging setting (probably Microsoft Teams Commercial), then click Apply, then Close.
- Navigate to App registrations and select the newly created bot.
- Make a note of the Application (client) ID, as this will be used as the Bot app ID in the Totara integration settings later in the process.
- On the Manage > Certificates & Secrets page, delete any existing secret, then click New client secret.
- Give it a Name, choose the Expiration period and Save.
- Make a note of the Client Secret for Bot value, as this will be required later in the process.
Step 4: Prepare the Microsoft Teams extension in the Totara admin settings
Next you need to go to your Totara site to configure the admin settings.
- Log in to your Totara site as a Site Administrator.
- If using Single Sign On, set up the OAuth 2 SSO plugin using the following steps. Otherwise, skip to step 3.
- Enable the OAuth 2 plugin.
- After selecting Create new Microsoft service set the following values for the settings:
- Client ID: Your Application (client) ID from the Azure app
- Client secret: Your Client Secret from the Azure app
- Require email verification: Decide if you want to require email verification
- Click Save changes.
- Click the Connect system account icon in the System account connected column and log in to your Microsoft account.
- Navigate to Site administration > Security > HTTP security and enable Allow frame embedding, then click Save changes.
- (Optional) In order to allow catalogue images to show in the Messaging Extension feature, Microsoft requires images to be made publicly accessible via direct URL. If you would like the images to show, navigate to Quick-access menu > Security and enable the Allow public access to catalogue item pictures setting.
- Navigate to Site administration > Microsoft Teams > Microsoft Teams integration.
- Set the following values:
- Manifest app ID: Your Application (Client) ID from the Azure app
- Package name: Unique package name as a reversed domain (e.g. site.totara.your.msteams)
- Under the Set up single sign-on heading, if you are using single sign-on:
- Set the OAuth2 service setting to Microsoft - note that the OAuth2 authentication plugin must be enabled and using Microsoft's identity provider for single sign-on.
- Set the SSO app ID to the Application (client) ID from the Azure app
- Set the Resource scope to the api://[your.totara.domain]/[Application (client) ID] from the Azure app
- Otherwise, make sure the OAuth2 service setting is set to None and continue
- If you are planning to use Bot notifications (see step 3) then under the Set up the conversational bot heading:
- Tick the Bot feature enabled setting
- Tick the Message extensions feature enabled setting
- Set the Bot app ID setting to the Application (client) ID for the Bot from the Azure bot app
- Set the Client secret setting to the Client secret setting from the Azure bot app
- Customise the application to match your organisation's visual brand.
- Save your changes to generate a manifest file, while can then be downloaded in the Totara app installation settings.
Step 5: Install the app
Finally you just need to install the app on Microsoft Teams. You can do this by following these steps:
- Navigate to Site administration > Microsoft Teams > Totara app installation.
- Confirm that all checks for enabled features have been passed or skipped.
- Download the manifest file.
- Navigate to https://admin.teams.microsoft.com/, then Teams apps > Manage apps.
- Click Upload, then Select a file. Select the manifest file downloaded in step 3, then confirm.
Updating an existing app
If you are updating your app or making changes to the app name, description, icon, or adding or making changes to the language packs/strings, you will need to download and re-upload the manifest file. When you are creating a new manifest file you need to ensure that you update the app version number in the semver format, e.g. 1.0.0 to 1.0.1.
Once you have made the required updates, click Save and go to the Totara app installation setting.
- Go to Team admin settings > Manage apps (https://admin.teams.microsoft.com/policies/manage-apps).
- Search for your app and select it.
- Click Update.
- Select the downloaded manifest.zip file.
- If Microsoft Teams says the app already exists, you should keep increasing the version number, re-download and re-upload a manifest file.
Please note that it can take up to 30 minutes for the app to update for all users, and may require restarting the app.
If an updated app has a new feature (for example, the current version doesn't have bot enabled but the new version does), then a banner will be displayed on the app tabs. An admin has to click Upgrade to upgrade the app.
Customising the app
The Microsoft Teams integrations settings in Totara allow you to customise your app before downloading the manifest file. This configuration includes the app name, descriptions and icons.
|Short name and full name||The app name is defined in the short and/or full name fields. Note that the app full name is optional, but it may be suitable if your organisation name is longer than 30 characters. For example, you could use the short name field if your organisation has a longer name but is commonly known by an acronym.|
|Short description||This field should be used for a short summary of the app. This description will be displayed in the app catalogue and will help users to identify your app.|
|Full description||The full description is intended for a more in-depth overview of the app and its capabilities. This will be displayed beneath the short description in the app catalogue.|
|Full colour icon||This is the icon that will appear in the catalogue or any other modal. The standard format is .PNG|
|Outline icon||The outline icon will appear in the side panel where the app will be pinned. The standard format is .PNG|
The accent colour is the background colour that will be displayed behind the icon image. This will only be visible for icon .PNG images that have a transparent background. This colour is also used on the sign-in card.
Once the configurations have been set and saved, a manifest file will be created.