Prerequisites for Integrating Microsoft Teams with IdentityIQ

The prerequisites for integrating Microsoft Teams with IdentityIQ include the following:

Supported Operating Systems

The IdentityIQ application in Microsoft Teams is supported on any currently available and supported version of Windows and Linux.

Azure Prerequisites

  • Users should have a Microsoft Entra Subscription (for Entra Application Proxy) and an Azure Subscription (for Azure Bot Service), along with a basic understanding of the Azure portal to configure the proxy and related services within their tenant.

  • A configured and active Azure tenant for your organization with users assigned the following roles:

    • Application Administrator – enables the users to create and manage all aspects of application registrations and enterprise applications.
    • Cloud Application Administrator – similar to Application Administrator but cannot manage applications.
    • Teams Administrator – enables the users to manage IdentityIQ’s Microsoft Teams services.
    • Teams Device Administrator – enables the users to perform management-related tasks on Microsoft Teams certified devices.
    • User Administrator – enables the users to manage all aspects of users and user groups, including resetting passwords for limited administrators.
  • A Microsoft Teams account with permissions to install applications.

  • Users should be familiar with the fundamentals of SAML Single sign-on (SSO) settings.

  • Optional: An Azure resource group dedicated to your IdentityIQ integration, which can help organize and manage related resources more effectively.

IdentityIQ Prerequisites

  • Recommended: Use a separate private server to run the IdentityIQ service code. The IdentityIQ service code should not be hosted on the same server as the main IdentityIQ application. The service code needs to be accessible from the internet, whereas the IdentityIQ server itself should remain isolated and not exposed to the internet.

Connectivity and Security Prerequisites

  • A network connection that enables Microsoft Teams to communicate with the IdentityIQ service code. This requires a public message endpoint that routes traffic to the private IP of the server hosting the service code.

  • To ensure Microsoft Teams can trust calls to the IdentityIQ service code, the service code must support HTTPS and use a valid certificate issued by a Microsoft-supported Certificate Authority for the specified domain name. This certificate and its corresponding key are used by the IdentityIQ service code running on the private server.

    Note: Microsoft Teams will send messages to a server with a valid SSL certificate. However, if your SSL certificate is invalid, configure the Azure Application to accept the invalid certificate and send messages. See Creating a Chat Application Proxy for IdentityIQ in Azure for details.