Configuring API Authentication for Microsoft Teams in IdentityIQ

To enable token-based authentication between Microsoft Teams and IdentityIQ, you have already created an API Access application in Azure, and you will now use some of the values from the API Access application within IdentityIQ, to enable authentication. For related information about what to configure in Azure for token-based authentication, see Creating an API Access Application in Azure.

To configure API Authentication in IdentityIQ:

  1. Select gear > Global Settings > API Authentication.

  2. On the General Settings tab, set an expiration value for tokens, in seconds. This value applies to both Token Settings (see below) and OAuth Client Management (see API Authentication).

  3. Select the Token Settings tab, and provide the following values:

    • Access Token Authentication Scope – expected scope of the API access token issuer. This is the value you entered for Scope Name in Creating an API Access Application in Azure; for example, GetToken.

    • Access Token Authentication Audience – suffix that identifies the service or system to which the call is directed. This is the value you appended to the Application ID URI in Creating an API Access Application in Azure section; for example api://<api access application>/identityiq/api. The validator will ensure the SSO audience claim ends with this value.

    • Access Token Authentication Issuers – identification of the SSO token provider. This field supports variable interpolation. Field values must be claims in the SSO token.
      For example, https://sts.windows.net/{{tid}}/.

    • Correlation Variable – the SSO claim used match the requesting user with an existing IdentityIQ user; the IdentityIQ default is oid.

  4. Save your changes.

For more information on configuring your IdentityIQ instance for API authentication, see API Authentication.

You now have successfully configured the API authentication for Microsoft Teams. For next step, refer Enabling Microsoft Teams Notifications in IdentityIQ.