Microsoft Teams
When you set up a Microsoft Teams channel, users can chat with your digital assistant (or a standalone skill) through the Microsoft Teams user interface.
Here's the process for setting up a channel:
- In Microsoft Teams' Developer Portal, create an app and add a bot to that app.
- Using the app ID and password from the bot, create a channel in Digital Assistant .
- Copy the webhook URL that is generated when you create the channel and add it to the bot.
- Test your digital assistant in Microsoft Teams.
Skills and digital assistants that you expose through Microsoft Teams channels can also be included in group chats. See Group Chats.
Step 1: Create a Bot
To make your digital assistant (or standalone skill) available in Microsoft Teams, you need to create the following through the Teams Developer Portal:
- A Microsoft Teams app. This app is the container for the bot that you create and is how you access the bot in Teams.
- A bot. This is the artifact within the app that communicates with Oracle Digital Assistant
The Teams Developer Portal isn't available for some kinds of Microsoft tenants, such as GCC-High and Department of Defense (DoD) tenants. If you are working with such a tenant, you can use a regular tenant to be build the app, download the app, and then use Microsoft Graph to upload the app to your national cloud. See Developer Portal for Teams and National Cloud Deployments on Microsoft's site for details.
Here are the steps:
- Go to https://dev.teams.microsoft.com/home and log in with your Microsoft account.
- In the left navigation, click Apps.
- Click + New app.
- In the Add App dialog, fill in the name you want
to use for the app as it will appear in Microsoft Teams and then click
Add.
(This app will encapsulate the bot, which you will create later.)
- On the Basic Information page, fill in the
remaining required fields except for Application (client) ID and click
Save.
Note
This field is only needed if you configure the bot for single sign-on. See SSO Configuration for Microsoft Teams Channels. - In the left navigation of the page, under the Configure section, select App features.
- Click Bot.
- Click the Create a new bot link.
- On the Bot Management page click + New Bot.
- In the Add bot dialog, enter a name for the bot.
- In the Channels section of the page, select the Microsoft Teams checkbox and click Save.
- In the Client Secrets section, select Add a client secret for your bot.
- Copy the value of the generated client secret and save it in a safe place on your system.
- In the Client Secrets section of the page, right-click the Azure link to open the App Registrations page of Azure Active Directory in a separate browser tab.
- In the App Registrations page, select the bot resource that you created.
- In the left rail select, Authentication.
- In the Supported account types section of the page, select the multi-tenant option (Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
- If you want to be able to use external events to send messages to users
through a Microsoft Teams channel, add permissions for fetching the user profile
through the Microsoft Graph API. (The external events feature uses cached user data
from past conversations to generate notifications or proactively initiate
conversations with the user.) Here are the steps for adding those permissions:
- In the left navigation of the App Registrations page for the bot, select API Permissions.
- Click Add a Permission.
- In the Request API permissions dialog, select Microsoft Graph.
- Select Application permissions.
- Select the Directory.Read.All permission and click Add Permissions.
- Once the permission appears in the Configured permissions list, select the permission, click Grant admin consent for... and then click Yes in the Grant admin consent confirmation dialog.
-
Return to the tab where you have the Developer Portal open in your browser.
-
In the left navigation, click Apps and then select your app.
-
In the left navigation for the app, select App features.
-
Click the Bot tile.
-
In dropdown below the Select an existing bot, select the bot that you just created.
-
Once again, in the left navigation for the app, select App features.
-
In the Bot title, copy the bot ID and save it in a text file.
Note
You may have to manually transcribe the bot ID.You'll need this ID when you create the channel in Digital Assistant.
- In the Scopes section of the page, select Personal.
(You can also select other scopes, but Personal is required for the bot to respond.)
-
Click Save.
-
Optionally, in the left navigation of the page, under the Configure section, select Domains and add any domains that the bot's users may be coming from.
-
Leave the Developer Portal open in your browser.
You'll later complete the registration with a webhook URL that you get when you create the channel in Digital Assistant.
Step 2: Create a Channel in Digital Assistant
-
In a separate browser window or tab, open Digital Assistant, click Channels in the left menu, and choose Users.
-
Click + Channel to open the Create Channel dialog.
-
Give your channel a name.
-
Choose Microsoft Teams as the channel type.
-
Fill in Microsoft Bot Id with the ID of the Microsoft bot that you created.
-
Fill in Microsoft Bot Password (Client Secret Value) with the password or the client secret value (not to be confused with the client secret ID) that was generated for the bot.
-
Click Create.
-
In the Channels page, copy the WebHook URL and paste it somewhere convenient on your system.
-
Click and select the digital assistant or skill that you want to associate with the channel.
-
Switch on the Channel Enabled control.
Step 3: Configure the Webhook URL for Microsoft Teams
Now you need to circle back and complete the configuration in Microsoft Teams.
-
Return to the browser tab where you have the Teams Developer Portal open.
-
In the far left navigation of the page, select the Tools icon and then click Bot Management.
-
Select the bot you created.
- On the bot's page, select the Configure tab.
-
In the Bot endpoint address field, paste the webhook URL that you obtained when creating the channel in Digital Assistant and then click Save.
Step 4: Enable Apps in Your Office 365 Tenant
You next need to have your Office 365 administrator configure your tenant to:
- Allow external apps in Microsoft Teams.
- Allow sideloading of external apps.
- Enable new external apps by default.
For the concrete steps, see https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/build-and-test/prepare-your-o365-tenant.
Step 5: Test in Microsoft Teams
With the Microsoft Teams channel and messaging configuration complete, you can test your digital assistant (or skill) in Microsoft Teams. To do so:
- On the page for the app that you created with the Microsoft Developer Portal,click the Preview in Teams button.
SSO Configuration for Microsoft Teams Channels
If you want a digital assistant or skill to require the same authentication that you have configured for Microsoft Teams, you can set up single sign-on (SSO) authentication for that digital assistant or skill within Microsoft Teams.
Once this SSO authentication is set up, users will be able to log in to Teams with their Azure Active Directory (Azure AD) credentials and then seamlessly interact with the digital assistant, without having to sign in again.
Any backend applications accessed through the digital assistant need to support Azure AD access tokens directly.
Here are the general steps for configuring SSO for a Microsoft Teams channel:
- (If you haven't already done so) create a Microsoft Teams channel as described in the preceding topics.
- Create an Azure AD application in the Azure Portal.
- Update the Microsoft bot registration with with SSO details.
- In Oracle Digital Assistant, register the Azure AD app as a Microsoft Identity Platform authentication service.
- Enable authentication in your skill(s) through the authentication service you have registered.
Create an Azure AD Application
To set up SSO for a skill or digital assistant within Microsoft Teams, you need to create an Azure AD application. This application is in addition to the Azure AD application you have already created as part of setting up the Microsoft Teams channel.
Before getting started, make sure that you have the following:
- An Azure account with an active subscription.
- The Microsoft App ID for the bot that you have set up with your Microsoft Teams channel.
- Admin access to the Azure portal.
Here are the steps for creating an Azure AD application for SSO:
- Create a new application registration:
- Navigate to https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade in the Azure portal.
- Click New Registration.
- Fill in the Name field.
- In the Supported account types section, select the Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) radio button.
- Click Register.
Once the application is created, you will land in the Overview section. The Application (client) ID and Directory (tenant) ID should be created for your app.
- Add a web platform configuration:
- In the left navigation, select Authentication.
- Under Platform configurations, click Add a platform and select Web.
- Add a redirect URI using the following format:
<YOUR_Oracle-Digital-Assistant_URL>/connectors/v2/callback
- Click Configure.
- Create a client secret:
- In the left navigation, select Certificates and secrets.
- Click + New client secret, fill in the required fields, and click Add.
- Copy the client secret value and store in a secure place. You'll need this value later.
- Configure the token:
- In the left navigation, select Token configuration.
- Click + Add optional claim.
- For Token type, select Access.
- Select these claims:
- given_name
- upn
- Click Add.
- Select the Turn on the Microsoft Graph email, profile permission (required for claims to appear in token) option and click Add.
- In the left navigation, select API permissions.
There you can see that three permissions are created.
- Click + Add a Permission and add User.ReadBasic.All.
You will need this to access profile information.
- Set the application ID URI:
- In the left navigation, select Expose an API.
- Click the Application ID URI field.
- Update the value in the
format:
api://botid-<Microsoft_App_ID_for_your_bot>
Note
This needs to be the application ID for the bot, not the one for the SSO APP. - Click + Add a scope.
- In the panel that opens:
- Set
access_as_user
as the Scope name.The domain part of the scope name displayed just below the text field should automatically match the Application ID URI set in the previous step, with
/access_as_user
added to the end. - Set Who can consent? to Admins and users.
- Set
- Fill in the fields for configuring the admin and user consent prompts with values that are appropriate for the
access_as_user
scope.Here are some suggestions:
- Admin consent title: Teams can access the user’s profile.
- Admin consent description: Allows Teams to call the app’s web APIs as the current user.
- User consent title: Teams can access your user profile and make requests on your behalf.
- User consent description: Enable Teams to call this app’s APIs with the same rights that you have
- Ensure that State is set to Enabled.
- In the Authorized client applications section, click + Add a client application.
- Enter the following IDs:
1fec8e78-bce4-4aaf-ab1b-5451cc387264
This is the Teams mobile and desktop application.
5e3ce6c0-2b1f-4285-8d4b-75ee78787346
This is the Teams web application.
- Update the manifest:
- In the left navigation, select Manifest.
- Set
"acceptMappedClaims"
totrue
. - Set
"accessTokenAcceptedVersion"
to2
. - Click Save.
- Grant tenant admin permissions to the Azure AD application.
- In the left navigation, select Overview.
- Copy the Application (client) ID, the Directory (tenant) ID and the Application ID URI and save them in a convenient place.
- In a private browser window, log in to the Microsoft admin account.
The URL takes the following form:
where you replacehttps://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=<client-id>
<tenant-id>
with the Directory (tenant) ID that you just copied and you replace<client-id>
with the Application (client) ID that you just copied.
- In the Permissions requested dialog, review and accept the permissions.
Update the Bot Registration with the SSO Details
Update your Microsoft bot with the SSO details you have configured:
- Open the bot in the Teams Developer Portal and open the Manifest Editor.
- Select the Basic information tab.
- Scroll down to the Application (client) ID field and insert the application (client) ID.
- Select the Single-Sign-On tab.
- In the Application ID URI, add the application ID URI that you copied earlier.
- In the left navigation, select Publish to org.
Register the Azure AD App as an Authentication Service in Digital Assistant
Now you'll register the Azure AD app as an authentication service in Oracle Digital Assistant.
-
In a separate browser window or tab, open Digital Assistant, expand Settings in the left menu, and select Authentication Services.
- Click + Service.
- In the New Authentication Service dialog, enter these values:
- Identity Provider: Microsoft Identify Platform
- Name: A name to identify the authentication service.
- Token Endpoint URL: The identity provider's URL for
requesting access tokens. Use:
https://login.microsoftonline.com/<Azure-Active-Directory-TenantID>/oauth2/v2.0/token
- Authorization Endpoint: The IDP's URL for the page that users authenticate with by entering their user name and password. Use:
https://login.microsoftonline.com/<Azure-Active-Directory-TenantID>/oauth2/v2.0/authorize
- Client ID and Client Secret: The client ID and secret for the Azure AD application (OAuth Client) that was registered. Use the application ID and secret.
- Scope:
<Application(client)_ID_for_your_bot>/access_as_user
- Subject Claim: The access-token profile claim to use to identify the user. Use email.
Reference the Authentication Service from Your Skills
In skills that need SSO authentication, incorporate the OAuth 2.0 Account Link component in the dialog flow to handle authentication through the authentication
service. In that component, be sure to set the enableSingleSignOn
property to true
. (For YAML-based dialog flows, the component is called
System.OAuth2AccountLink.)
Tip:
If you don't want to hard-code the name of the authenticate service in the component, you can create a custom parameter that you pass to the component. See Custom Parameters.Supported Capabilities
Microsoft Teams channels in Digital Assistant support the following capabilities:
- text (both sending and receiving)
- images (both sending and receiving)
- files (both sending and receiving)
- emojis (both sending and receiving)
- links
- postbacks
- custom properties
- carousel components
- list components
If you are targeting your skill to multiple channels with different formatting capabilities and syntax, you can use basic HTML markup in your messages. If you do so, that markup will be automatically converted to the Microsoft Teams markdown format when the message is transmitted to the channel. This is particularly useful if you are targeting your skills to other channels in addition to Microsoft Teams. See Rich Text Formatting in Channels.
Message Constraints
Microsoft Teams channels in Digital Assistant have the following message constraints:
- Text Messages
- Maximum length of text action label: 1 line (about 50 characters)
- Types of text actions allowed: Postback, Call, URL
- Horizontal Cards
- Maximum length of title: 2 lines (about 80 characters)
- Maximum length of description: 25,000 characters
- Maximum length of card action label: 1 line (about 50 characters)
- Maximum number of cards: 10
- Maximum number of card actions: 6. If the number of card actions exceeds 6, the card is duplicated to render remaining card actions.
- Minimum number of card actions: 0
- Maximum number of card list actions: 6
- At least one description, image or action required?: No
- Types of card actions allowed: Postback, Call, URL
- Types of card list actions allowed: Postback, Call,URL
- Vertical Cards
- Maximum length of title: 2 lines (about 80 characters)
- Maximum length of description: 25,000 characters
- Maximum length of card action label: 1 line (about 50 characters)
- Maximum number of cards: 10
- Maximum number of card actions: 3
- Minimum number of card actions: 0
- Maximum number of card list actions: 6
- At least one description, image or action required?: No
- Types of card actions allowed: Postback, Call, URL
- Types of card list actions allowed: Postback, Call, URL
- Attachment Messages
- Supported?: Yes
- Types of actions allowed: Postback, Call, URL
- Action Buttons
- Maximum length of global action label: 1 line (about 50 characters)
- Maximum number of global actions: 6
- Types of global actions allowed: Postback, Call, URL
Adaptive Cards in Microsoft Teams
For skills that you expose through Microsoft Teams channels in Oracle Digital Assistant, you can use Adaptive Cards.
To do so, you use the channelCustomProperties
element in a Common
Response component and set the type
property to
"AdaptiveCard"
.
You can use this element at the following levels in the component:
- At the level of a card element within a
cards
response item. This allows you to define a single adaptive card structure that will be stamped out multiple times when aniteratorVariable
has been specified for the card element. - At the level of a text response item, typically to create a single adaptive card. ( Multiple cards can be defined but the
iteratorVariable
property is not supported here.)
Tip:
In the dialog flow editor (in both Visual and YAML dialog mode), there is a Microsoft Adaptive Cards template that contains sample metadata that you can adapt to your needs.Microsoft Teams currently does not support a carousel with adaptive cards. In Common Response component metadata terms, this means that the card layout property is ignored. The cards will always be laid out vertically because horizontal layout (carousel) is simply not supported.
A second limitation to be aware of is that when a user taps on a button that is included with the adaptive card, the button label will not be printed out as user message in the conversation history. In other words, the user does not get a visual confirmation of which button she selected. This can lead to an inconsistent user experience, because buttons displayed with simple text messages, or buttons displayed with standard Common Response component cards (using the Microsoft Hero card) do print out the button label.
Example: Adaptive Card in Cards Response Item
To stamp out multiple cards, you can use the iteratorVariable
with the card
element within a response item of type cards. Here is an example to use an adaptive card to stamp out multiple pizza cards:
responseItems:
- type: "cards"
headerText: "Here are our pizzas you can order today:"
cardLayout: "horizontal"
cards:
- title: "${pizzas.name}"
description: "${pizzas.description}"
imageUrl: "${pizzas.image}"
iteratorVariable: "pizzas"
actions:
- label: "Order Now"
type: "postback"
payload:
action: "order"
variables:
orderedPizza: "${pizzas.name}"
orderedPizzaImage: "${pizzas.image}"
channelCustomProperties:
- channel: "msteams"
properties:
adaptiveCard:
type: "AdaptiveCard"
version: "1.0"
fallbackText: "Adaptive card version not supported"
body:
- type: "TextBlock"
text: "${pizzas.name}"
weight: "bolder"
- type: "TextBlock"
text: "${pizzas.description}"
wrap: true
- type: "Image"
url: "${pizzas.image}"
horizontalAlignment: "center"
actions:
- type: "Action.Submit"
title: "Order"
data:
action: "order"
variables:
orderedPizza: "${pizzas.name}"
orderedPizzaImage: "${pizzas.image}"
Example: Adaptive Card in Text Response Item
You can define an adaptive card with a text response item as follows:
responseItems:
- type: "text"
text: "This text is replaced with adaptive card defined in custom property"
footerText: "Is that correct?"
visible:
expression: "${system.channelType=='msteams' && system.entityToResolve.value.name=='Confirmed'}"
channelCustomProperties:
- channel: "msteams"
properties:
adaptiveCard:
type: "AdaptiveCard"
version: '1.0'
fallbackText: "Adaptive card version not supported"
body:
- type: TextBlock
text: 'I have all information needed to create your expense. Just to verify my understanding, here is an overview of your expense:'
wrap: true
- type: FactSet
facts:
- title: Expense Type
value: "${expense.value.Type}"
- title: Amount
value: "${expense.value.Amount.totalCurrency}"
- title: Date
value: "${expense.value.Date.date?number_to_date}"
- title: Receipt URL
value: "${expense.value.Receipt?has_content?then(expense.value.Receipt.url,'N/A')}"
actions:
- type: Action.ShowCard
title: Edit
id: edit
card:
type: AdaptiveCard
version: '1.0'
body:
- type: TextBlock
size: Medium
weight: Bolder
text: Edit Expense
- type: TextBlock
text: Expense Type
weight: Bolder
- type: Input.ChoiceSet
choices:
- title: Metro, bus, train
value: Public transport
- title: Taxi
value: Taxi
- title: Breakfast, lunch, dinner
value: dinner
id: Type
value: "${expense.value.Type!''}"
spacing: None
- type: TextBlock
text: Amount
weight: Bolder
- type: Input.Text
id: amount
spacing: None
value: "${expense.value.Amount?has_content?then(expense.value.Amount.totalCurrency,'')}"
- type: TextBlock
text: Date
weight: Bolder
- type: Input.Date
id: Date
value: "${expense.value.Date?has_content?then(expense.value.Date.date?number_to_date,'')}"
spacing: None
actions:
- type: Action.Submit
title: Submit
id: submit
You can also define multiple adaptive cards in this custom property. To do so, you prefix the type
property with a hypen (-
) to indicate a YAML list rather than a map:
channelCustomProperties:
- channel: "msteams"
properties:
adaptiveCard:
- type: AdaptiveCard
body: ...
- type: AdaptiveCard
body: ...
This can be convenient if you need to stamp out multiple static cards, but it will be more common to stamp out multiple cards using the iteratorVariable
property.
Submit Actions
Adaptive Cards has a submit action (Action.Submit
), which you can use to gather user input and send it to the skill.
You define the action's payload in the data
property of the submit
action. If you want the Common Response component to transition after the button is selected
or set some variables, you can use the standard action
and
variables
properties:
actions:
- type: "Action.Submit"
title: "Order"
data:
action: "order"
variables:
orderedPizza: "${pizzas.name}"
orderedPizzaImage: "${pizzas.image}"
If you're using input fields in your card, the name and value of these fields will be added as key-value pairs to the data
JSON object. The example above with the Edit Expense card includes three fields to modify the expense type, amount, and date. When the user taps the Submit button in this case, a JSON object like the following will be sent:
{
"Type" : "Taxi",
"Amount" : "10.0 dollar"
"Date" : "2019-09-02"
}
The Common Response component doesn't know how to process this information, as it
does not follow the common payload structure with action
and
variables
properties. To solve this, you have these options:
-
Convert the JSON payload to a string, which will then be matched for entities. If any matches are found, the variable set with the component will be updated with the corresponding entity value or entity values (in case of a composite bag entity).
To configure this option, you add the boolean
system.convertToString
property to thedata
property of the submit action:actions: - type: Action.Submit title: Submit id: submit data: system.convertToString: true
-
Have the skill update variables with the same name as the input fields. In the above example, the
"Type"
,"Amount"
and"Date"
variables would be updated.To configure this option, you add the boolean
system.setVariables
property to thedata
property of the submit action:actions: - type: Action.Submit title: Submit id: submit data: system.setVariables: true
If you don't configure any of these options, the submitted values will simply be ignored.
When using a Common Response component with a composite bag entity, you will typically use the first option, which will populate all the matched entities in the bag based on the stringified JSON payload.
You need to set the component's
processUserMessage
property to true
for these submit
actions to work.
Echo Text of Selected Button in Adaptive Card
When a user selects a button in an Adaptive Card, the conversation isn't updated to show that the user selected that option unless you include a messageBack
action for the card.
To set up a messageBack
action, see https://docs.microsoft.com/en-us/microsoftteams/platform/task-modules-and-cards/cards/cards-actions#adaptive-cards-with-messageback-action.
Disable Buttons and Fields in Adaptive Cards
Though you can't technically disable buttons and fields in Adaptive Cards, you can
create a similar effect by replacing the card when a submit action is invoked. You do so using
the Boolean replaceMessage
property that is specific to Microsoft Teams in
Common Response components.
To enable the card to be re-rendered in this way, add this property within the channelCustomProperties
section of the custom response component:
...
- type: "text"
text: "This text is replaced with the adaptive card defined in custom property"
channelCustomProperties:
- channel: "msteams"
properties:
replaceMessage: "true"
adaptiveCard:
...
You can also use an Apache FreeMarker expression to set the property's value.
Tips for Creating Adaptive Cards Definitions
The adaptive cards JSON schema is relatively complex with many different constructs supported. As such, it is error prone when you try to define the adaptive card content by hand directly inside a Common Respone component. You may find it easier to use the following process to create the adaptive cards:
- With the visual tools in Microsoft's Adaptive Cards Designer, create the adaptive card definition.
- Click Copy Card JSON to get the definition in JSON format.
- Use an online converter (such as https://jsonformatter.org/json-to-yaml) to convert the definition to YAML.
- Copy the result into a text editor and insert the indentation that is required for where it will appear in the the dialog flow definition.
- Paste the resulting text into the dialog flow.
To keep up to date on the version of Adaptive Cards supported by Teams, see https://docs.microsoft.com/en-us/adaptive-cards/resources/partners. You can visit https://adaptivecards.io/explorer/ for a list of all elements and properties and the version they were introduced.
Keep in mind that the adaptive card designer does not check on the combination of the elements used and the version number of adaptive cards. For example, the ActionSet
element was introduced in version 1.2, but the designer doesn't present you from adding this element, even if you have specified 1.0 as the version number in the designer.
If you want to use actions with 1.0, you can use the separate actions
property below the body
property. This actions
element can't be added using the visual designer, so you'd need to do it by hand.
Disable the Welcome Message for a Digital Assistant
When a user connects to a digital assistant through a Microsoft Teams channel, an internal message is sent to the digital assistant to initiate a conversation. By default, that message is the word "help", which then triggers the digital assistant's help
system intent, which leads to the display of a welcome message and cards for the digital assistant's skills.
To disable this behavior, you change the Internal Welcome Message
property to a value different than "help". You can change the
value for that property in the digital assistant's resource
bundle.
To change the internal message that is set to the digital assistant when the user connects with a Teams, channel:
- Click to open the side menu, select Development > Digital Assistants, and open your digital assistant.
- In the left navigation for the digital assistant, click , and select the Configuration tab.
- In the Filter field, type
internal
to quickly to narrow down the list of resource bundle keys. - Select the Other - internalWelcomeMessage key.
- Mouse over the value for the key and select the icon that appears.
- Replace the value with the one you would like to use and click Update Entry.
If your digital assistant is on a platform version earlier than 21.04, resource bundle keys aren't automatically defined for the configuration properties. In that case, you may just wish to update the value of the property on the digital assistants Settings page (which you can open by clicking ).
Enable the Welcome Message for a Skill
By default, when a user connects directly to a standalone skill through a Microsoft Teams channel, there is no welcome message sent to the user. However, if you configure the skill's Welcome State property, the skill will use that state to display a message when the user connects.
- Click to open the side menu, select Development > Skills, and open your skill.
- In the left navigation for the skill, click and select the Digital Assistant tab.
- In the Welcome State field, enter the name of the state that you want to display the welcome message.
Using the Welcome State property in this way for a standalone skill only works for Microsoft Teams channels. For other channels, this property is ignored in standalone skills.