User.Read.All
application permissionUser.Read
delegated permissionUser.Read.All
application permission allows the app to read user profiles
for all users in the organization. This is necessary for the Skill Assistant to
fetch the Employee ID of a user using the Microsoft Graph API. More information
about this can be found in the
Linking Microsoft Teams users and employee profiles in TechWolf
section. The User.Read.All
permission is also required for the Skill Assistant
to fetch the user’s country information, which is used to send suggestions
according to the user’s country timezone when the user-based scheduling setting
is enabled.
The User.Read
delegated permission allows the app to read user profiles for
the user who is currently logged in. This is necessary for the Skill Assistant
to properly show the Skill Profile Tab.
Share your Azure Tenant ID with TechWolf.
Link Microsoft users to employee profiles in TechWolf
Whitelist the Skill Profile Tab URL (if required)
teams-tab-frontdoor.skillengine.eu
. This URL doesn’t handle
any personal or company data, it only loads the visual interface for the
Skill Profile tab in Microsoft Teams.Grant permissions to the Skill Assistant app
Customize the branding of the Skill Assistant app
Install the Skill Assistant for users
Employee ID
property for each user. This requires the Employee ID
property
to be set in Azure for each user, and for that Employee ID property to exactly
match the employee ID known within TechWolf’s SkillEngine API. In that case we
can automatically link the Teams user to the employee profile in TechWolf.
Ideally, the Employee ID is filled in automatically using an integration with
your organization’s HR system. If this is not possible, you can manually
populate the Employee ID property by following this guide:
Set Employee ID in Microsoft 365
Employee ID
property is not set in Azure, or if the Employee ID
property in Azure is different from the employee ID stored in the TechWolf
SkillEngine API, we can use a
Custom Property
for each employee profile in the TechWolf SkillEngine API. The Azure ID should
be stored in the Custom Property with the key employee_azure_id
. The mapping
between the employee ID known in TechWolf’s SkillEngine and their corresponding
custom property should be send to TechWolf via the datasource integration so
that we can store it accordingly.
Go to your Teams admin page
Navigate to Manage apps
Search TechWolf Skill Assistant
Click on TechWolf Skill Assistant
Navigate to the Permissions tab
Grant permissions
Select account
Accept permissions
Setup user groups
Setup installation
Force install using Graph API
Make app available for users
Install the app for users
Install the app using setup policies
Update permission policy
Navigate to Manage Users
Click on the filter icon
Filter on setup policy
Select all users
Edit settings
Assign the permission policy
Create file with Azure IDs
Download the script
Create a new service principal
Create a client secret
Certificates & secrets
.Select Client secrets
, and then select New client secret
and click Add
.You will need this secret later to run the script.Add the permission
TeamsAppInstallation.ReadWriteForUser.All
and User.Read.All
permissions.In the service principal, select API permissions
.Click on Add a permission
and select Microsoft Graph
.Select Application permissions
and search for
TeamsAppInstallation.ReadWriteForUser.All
and select it.Search User.Read.All
and select it too.Click on Add permissions
to add the permission.Select the added permissions and click Grant admin consent
.Fill in the variables
$FilePath
: the path to the previously created file (from Step 1) containing
the Azure IDs$ApplicationID
: The Application Client ID of the newly created service principal (from step 3)$ClientSecret
: The Application Client Secret of the newly created service principal (from step 4)$TenantID
: The tenant ID of your Teams instanceRun the script in Powershell
Cloud Shell
icon.Manage files
and upload the file with Azure IDs and
the filled in script. Run the script by typing ./script.ps1
.