Configuring API Authentication for Microsoft Teams in IdentityIQ

To enable token-based authentication between Microsoft Teams and IdentityIQ, you must create an API application in Azure, then enter some of that application's values in IdentityIQ. For related information about what to configure in Azure for token-based authentication, see Creating an API Application in Azure.

To configure API Authentication in IdentityIQ:

  1. Click gear > Global Settings > API Authentication.

  2. On the General Settings tab, set an expiration value for tokens, in seconds. This value applies to both Token Settings (see below) and OAuth Client Management (see API Authentication).

  3. Click the Token Settings tab, and set these values:

    • Access Token Authentication Scope – expected scope of the API access token issuer. This is the value you entered for Scope Name in the previous section; for example, GetToken.

    • Access Token Authentication Audience – suffix that identifies the service or system to which the call is directed. This is the value you appended to the Application ID URI in the Creating an API Application in Azure section; for example, /identityiq/api. The validator will ensure the SSO audience claim ends with this value.

    • Access Token Authentication Issuers – identification of the SSO token provider. This field supports variable interpolation. Field values must be claims in the SSO token.
      For example, https://sts.windows.net/{{tid}}/.

    • Correlation Variable – the SSO claim used to match the requesting user with an existing IdentityIQ user; the IdentityIQ default is oid.

  4. Save your changes.
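
The following added example (not IdentityIQ's own code) sketches how the four Token Settings values relate to the claims of an Azure-issued access token. It assumes the token's signature and expiry were already verified, that the scope arrives in the scp claim, and it uses constructed placeholder GUIDs; the names SETTINGS, interpolate and check_claims are hypothetical.

```python
import re

# Constructed settings mirroring the Token Settings fields (sample values from the page).
SETTINGS = {
    "scope": "GetToken",
    "audience_suffix": "/identityiq/api",
    "issuers": ["https://sts.windows.net/{{tid}}/"],
    "correlation_variable": "oid",
}

def interpolate(template, claims):
    """Replace each {{name}} with the token's own claim; None if a claim is missing."""
    missing = []
    def sub(match):
        value = claims.get(match.group(1))
        if value is None:
            missing.append(match.group(1))
            return ""
        return str(value)
    result = re.sub(r"\{\{(\w+)\}\}", sub, template)
    return None if missing else result

def check_claims(claims, settings=SETTINGS):
    """Return (correlation_value, None) on success or (None, failed_check).
    Assumption: signature and expiry were verified before this is called."""
    if settings["scope"] not in str(claims.get("scp", "")).split():
        return None, "scope"
    aud = claims.get("aud")
    if not isinstance(aud, str) or not aud.endswith(settings["audience_suffix"]):
        return None, "audience"
    allowed = {interpolate(t, claims) for t in settings["issuers"]} - {None}
    if claims.get("iss") not in allowed:
        return None, "issuer"
    subject = claims.get(settings["correlation_variable"])
    if not subject:
        return None, "correlation"
    return subject, None

# Constructed sample claims (placeholder GUIDs, not a real tenant or user).
SAMPLE = {
    "aud": "api://00000000-0000-0000-0000-0000000000aa/identityiq/api",
    "iss": "https://sts.windows.net/11111111-1111-1111-1111-111111111111/",
    "tid": "11111111-1111-1111-1111-111111111111",
    "oid": "22222222-2222-2222-2222-222222222222",
    "scp": "GetToken",
}
```

In this sketch a templated issuer only confirms that the iss and tid claims agree with each other, because {{tid}} is filled in from the token itself; an issuer string containing a fixed tenant ID would restrict tokens to that tenant.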

For more information on configuring your IdentityIQ instance for API authentication, see API Authentication.