Prerequisites for Integrating Microsoft Teams with IdentityIQ

Prerequisites for implementing the Microsoft Teams integration for IdentityIQ include the following:

Supported Operating Systems

IdentityIQ's Microsoft Teams bot is supported on any currently available and supported version of Windows and Linux.

Azure Prerequisites

  • A familiarity with Azure concepts and operations on the part of your implementation team

  • A configured and functioning Azure tenant for your organization

  • A configured IdentityIQ Connector application. This application provides the permissions necessary for aggregating Active Directory user and group data into IdentityIQ. It communicates with a corresponding Azure Active Directory application within IdentityIQ. For more information, see SailPoint's Integrating SailPoint with Azure Active Directory Connector guide, which is available in the Microsoft Azure Active Directory area of the Connector Directory on Compass.

  • Optional: a resource group in Azure for your IdentityIQ integration. This can help with organizing your Azure resources.

IdentityIQ Prerequisites

  • A configured instance of an Azure Active Directory application. This is used to aggregate user and group data from Azure Active Directory into IdentityIQ, and correlate it to IdentityIQ users. Some modifications will be made to this application as part of setting up the Microsoft Teams integration, and are described later in this document. You can also refer to SailPoint's Integrating SailPoint with Azure Active Directory Connector guide, which is available in the Microsoft Azure Active Directory area of the Connector Directory on Compass.

  • Recommended: a private server to run the IdentityIQ service code. The IdentityIQ service code should not be run on the same server as IdentityIQ; the service code must be exposed to the Internet, and the IdentityIQ server should not be exposed to the Internet.

Connectivity and Security Prerequisites

  • A network connection that allows Microsoft Teams to contact the IdentityIQ service code. This requires a public IP address that routes to the private IP of the server running the service code. The traffic can be limited to a specific port, which is customizable. The public IP must be resolvable through DNS.

  • HTTPS with a valid certificate, so that Microsoft Teams can trust its calls to the IdentityIQ service code. The service code must support HTTPS and have a valid certificate, issued by a Microsoft-supported Certificate Authority, for the domain name that resolves to the public IP in the previous item. The certificate and key are used by the IdentityIQ service code running on the private server. Note that Microsoft Teams will not send messages to a server with an invalid certificate; this includes a self-signed certificate.
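
A preflight check for the two connectivity prerequisites above, as an added example that is not part of SailPoint's documentation: it confirms that the name resolves to a public address and that the HTTPS certificate chain and hostname verify. It assumes the local system trust store as a stand-in for Microsoft's supported CA list, and `teams-bot.example.com` is a placeholder hostname.

```python
import ipaddress
import socket
import ssl

# OpenSSL verification codes mapped to the prerequisite each one violates.
VERIFY_REASONS = {
    10: "certificate has expired",
    18: "self-signed certificate (Teams will not send messages to it)",
    19: "self-signed certificate in chain (private or untrusted root)",
    20: "issuer not in trust store (missing intermediate or untrusted CA)",
    62: "certificate does not cover this domain name",
}

def public_addresses(addrs):
    """Keep only globally routable addresses (drops RFC 1918, loopback, etc.)."""
    return [a for a in addrs if ipaddress.ip_address(a).is_global]

def tls_failure(hostname, port, timeout=5.0):
    """Return None if chain and hostname verify, otherwise a reason string."""
    # Assumption: the local trust store stands in for Microsoft's supported CA list.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return None
    except ssl.SSLCertVerificationError as exc:
        return VERIFY_REASONS.get(exc.verify_code, exc.verify_message)
    except OSError as exc:  # refused, timed out, or not speaking TLS
        return f"no TLS connection: {exc}"

def check_endpoint(hostname, port=443):
    """Return a list of unmet prerequisites; an empty list means all checks passed."""
    try:
        infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return [f"DNS: {hostname} does not resolve ({exc})"]
    addrs = sorted({info[4][0].split("%")[0] for info in infos})
    failures = []
    if not public_addresses(addrs):
        failures.append(f"DNS: {hostname} resolves only to non-public addresses {addrs}")
    reason = tls_failure(hostname, port)
    if reason:
        failures.append(f"TLS: {reason}")
    return failures

if __name__ == "__main__":
    # Placeholder hostname and port; run this from outside your network.
    for problem in check_endpoint("teams-bot.example.com", 443) or ["all checks passed"]:
        print(problem)
```

Run it from a host outside your network, so that DNS resolution and routing match what Microsoft Teams will see.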