Installation in Teams
The installation consists of several steps, which are described in detail below. TechWolf needs to configure the Skill Assistant to work with your tenant, you need to give the app the right permissions, and you need to install the app in your Teams environment.
Share your Azure Tenant ID with TechWolf.
Share your Azure Tenant ID with TechWolf. TechWolf will configure the Skill Assistant to work with your production tenant. Follow the steps in Get Azure Tenant ID to find your Azure Tenant ID.
Install in Teams
Install the Skill Assistant in your Microsoft Teams environment by following these steps
Whitelist the Skill Profile Tab URL (if required)
If your organization restricts outbound internet traffic by default
(i.e., blocks all URLs unless explicitly allowed), you will need to
whitelist the following URL to ensure the Skill Profile tab functions
correctly: teams-tab-frontdoor.skillengine.eu
. This URL doesn’t handle
any personal or company data, it only loads the visual interface for the
Skill Profile tab in Microsoft Teams.
Install for users
Install the Skill Assistant for users following these steps
Link Microsoft users to TechWolf Employees
We need a method to link Employees in the TechWolf API to Teams Users in Microsoft Teams. See Linking Microsoft Teams users and TechWolf Employees .
Install the Skill Assistant in Teams
Go to your Teams admin page
Go to your Teams admin page.
Navigate to Manage apps
Go to Teams apps -> Manage apps
Search TechWolf Skill Assistant
Type “TechWolf Skill Assistant” in the search bar.
Click on TechWolf Skill Assistant
Click on the name of the “TechWolf Skill Assistant” app.
Navigate to the Permissions tab
Navigate to the Permissions tab (1).
Grant permissions
Grant the app the required permissions. Do so by pressing Grant admin consent (2). This will open a pop up. More information about the required permissions can be found in the Required permissions of the Skill Assistant application section.
Select account
Select your account and log in if necessary (1).
Accept permissions
Review the required permissions and grant them, by clicking Accept (2).
Required permissions of the Skill Assistant application
The Skill Assistant application requires the following permissions:
User.Read.All
application permissionUser.Read
delegated permission
The User.Read.All
application permission allows the app to read user profiles
for all users in the organization. This is necessary for the Skill Assistant to
fetch the Employee ID of a user using the Microsoft Graph API. More information
about this can be found in the
Linking Microsoft Teams users and TechWolf Employees
section. The User.Read.All
permission is also required for the Skill Assistant
to fetch the user’s country information, which is used to send suggestions
according to the user’s country timezone when the user-based scheduling setting
is enabled.
The User.Read
delegated permission allows the app to read user profiles for
the user who is currently logged in. This is necessary for the Skill Assistant
to properly show the Skill Profile Tab.
Installing the Skill Assistant for users
Depending on your organisation’s workflow to install apps for employees, you should now install the Skill Assistant for your employees. We recommend the following workflow:
Setup user groups
The easiest way to install the app for a subset of users is to create a group in Azure AD and assign the app to that group. This way, you can easily manage who has access to the app. To create a group, follow the Microsoft guide on creating a group.
Install the app using setup policies
You can install the app for a group of users using setup policies. Follow the Microsoft guide on setup policies. We recommend to use the app centric management functionality if possible.
The setup policy is only applied after the permission policy is updated (see step 3).
This can take a significant amount of time. We advise to install the users at least 1 week before the go-live date.
Some users might need to restart their Teams to get the app installed.
If there are still users that don’t have the app after a week, the force installation using the next step needs to be done.
Update permission policy
If you have the app centric management functionality, you can assign the app to the group by following this guide.
If you do not have the app centric management functionality, we recommend to adjust the global permission policy to allow the TechWolf Skill Assistant app.
If modifying the global policy is not desired, you can create a new permission policy by following this guide and assign it to the group by following these steps.
Force install using Graph API
If the app is not installed for all users, you can force the installation for the remaining users using the Microsoft Graph API by following these steps.
Assigning the permission policy to a group
This section describes how to assign the permission policy to a group of users.
If you have the app centric management functionality, you can assign the app to the group by following this guide.
This section is only relevant when you do not have the app centric management functionality and have created a new permission policy.
Microsoft Teams does not support assigning app permission policies to groups. However, it does support assigning policies to a batch of users.
These steps require a setup policy to be applied to the group first.
The users linked to the permission policy will not be automatically updated when users are added/deleted from the group.
Navigate to Manage Users
Go to Users -> Manage users
Click on the filter icon
Click on the filter icon in the top right corner.
Filter on setup policy
Select the setup policy as filter and the created setup policy as filter value.
Click on Apply to apply the filter.
Select all users
Click on the checkmark icon in the top left corner to select all users.
Edit settings
Click on the Edit settings button in the top left corner.
Assign the permission policy
Select the created permission policy from the dropdown menu.
Click on Apply to assign the permission policy to the selected users.
Force installing the app using the Microsoft Graph API
If the app is not installed for all users, you can force the installation for the remaining users using the Microsoft Graph API.
Create file with Azure IDs
Create a text file containing all Azure IDs of the people for which the app needs to be installed. This file is structured as a list of the Azure IDs, separated by newlines.
Download the script
We created a template script that you can use to force install the app.
Download the script
Create a new service principal
Create a new service principal in Azure AD to run the script. Follow the Microsoft guide on creating a service principal.
Create a client secret
A client secret is needed to run the script.
In the newly created service principal, select Certificates & secrets
.
Select Client secrets
, and then select New client secret
and click Add
.
You will need this secret later to run the script.
Add the permission
The script requires the TeamsAppInstallation.ReadWriteForUser.All
and User.Read.All
permissions.
In the service principal, select API permissions
.
Click on Add a permission
and select Microsoft Graph
.
Select Application permissions
and search for
TeamsAppInstallation.ReadWriteForUser.All
and select it.
Search User.Read.All
and select it too.
Click on Add permissions
to add the permission.
Select the added permissions and click Grant admin consent
.
Fill in the variables
Fill in the variables in the script:
$FilePath
: the path to the previously created file (from Step 1) containing the Azure IDs$ApplicationID
: The Application Client ID of the newly created service principal (from step 3)$ClientSecret
: The Application Client Secret of the newly created service principal (from step 4)$TenantID
: The tenant ID of your Teams instance
Run the script in Powershell
Run the script in Powershell.
In Azure Portal, click in the top right on the
Cloud Shell
icon.
Click on Manage files
and upload the file with Azure IDs and
the filled in script. Run the script by typing ./script.ps1
.
Linking Microsoft Teams users and TechWolf Employees
An important step of the installation is to link Employees with Teams users. To
be able to reach an Employee on Teams, we must know the Employee’s corresponding
Azure ID
, which can be different from the external_id
used in the TechWolf
API.
There are two options to link the two IDs:
If this is set up correctly, the TechWolf Skill Assistant will be able to fetch
all suggestions and their corresponding Employee Azure IDs
, and send them to
the right Teams user.
Through Microsoft Graph (preferred)
The preferred method is to use the Microsoft Graph API to fetch the
Employee ID
property for each user. This requires the Employee ID
property
to be set in Azure for each user. In that case we can automatically link the
Teams user to the TechWolf Employee.
Ideally, the Employee ID is filled in automatically using an integration with your organization’s HR system. If this is not possible, you can manually populate the Employee ID property by following this guide: Set Employee ID in Microsoft 365
Through Custom Properties
If the Employee ID
property is not set in Azure, we can use a
Custom Property
for each Employee in the TechWolf API. The Azure ID should be stored in the
Custom Property with the key employee_azure_id
.
Was this page helpful?