Components of IdentityIQ's Microsoft Teams

Here is an overview of the components that are part of the IdentityIQ Microsoft Teams Notifications and Access Request Approvals feature. Some of these components are created as App registrations in Azure. Detailed instructions for creating and configuring these components are provided later in this document.

SSO Entra Application Proxy – An Azure application that acts as a proxy for accessing IdentityIQ without configuring the firewall for public internet access. The application enables the IdentityIQ approvals page to load with Single sign-on (SSO) within Microsoft Teams. It should be created under the Enterprise Applications section in Azure. This setup facilitates proxy configuration and SSO integration for accessing the My Approvals page of IdentityIQ/UI in Microsoft Teams. For detailed steps, see Creating an SSO Entra Application Proxy in Azure.

Connector Application – Register a Connector application in Azure and then create a corresponding Azure Active Directory (AD) application in IdentityIQ using the credentials from the Azure app registration. For detailed steps, see Creating a Connector Application in Azure.

API Access Application – An Azure app registration that facilitates token-based authentication between Microsoft Teams and IdentityIQ by defining a GetToken scope and the appropriate audience value. When an API token request is made, IdentityIQ checks for specific variables to verify the token and, upon successful validation, issues a user-specific Access Token for the bot to use. For detailed steps, see Creating an API Access Application in Azure.

Teams Application – An Azure app registration that defines the scope required for IdentityIQ’s Microsoft Teams integration. Values from this application are needed when creating the Azure bot and for the .env file used to configure the bot service code. For detailed steps, see Creating a Microsoft Teams Application for IdentityIQ in Azure.

Chat Application Proxy – An Azure application for the bot API / message endpoint. For detailed steps, see Creating a Chat Application Proxy for IdentityIQ in Azure.

Azure Bot for Microsoft Teams – An Azure bot that utilizes Microsoft's artificial intelligence (AI)-powered chatbot to facilitate communication between Microsoft Teams and IdentityIQ. This bot also stores the necessary configuration to access the IdentityIQ service code. For detailed steps, see Creating an Azure Bot for IdentityIQ's Microsoft Teams.

IdentityIQ service code – This code is provided by SailPoint and is installed in your environment. The service code package includes an environment (.env) file that must be configured with essential resource information such as the Azure Teams app ID, Azure Teams app secret, Azure tenant ID, and other relevant details. After configuring the .env file, a manifest can be generated, which is used to deploy the IdentityIQ application within the user's Microsoft Teams environment. For detailed steps, see Installing and Configuring the IdentityIQ Service Code.

SSO Provider – An Azure app registration that facilitates SAML-based Single sign-on (SSO) between Microsoft Teams and IdentityIQ. Enabling this option simplifies the login process for Microsoft Teams users by allowing them to bypass the IdentityIQ login when accessing the IdentityIQ links in Microsoft Teams notifications. For more details, see Configuring Single Sign-On to IdentityIQ from Microsoft Teams.