How to configure the Microsoft Teams web service

Liz Sanderson
Liz Sanderson
  • Updated

FME Version

  • FME 2021.0

Introduction

This article will show you how to configure the Microsoft Teams (Graph) web service, available on FME Hub.
The purpose of the Microsoft Teams (Graph) web service is to allow users to authenticate with the Microsoft Graph API in order to interact with Microsoft Teams from FME, using the MicrosoftTeamsConnector transformer.

Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources, like Microsoft Teams.

To interact with the web API, an auth token is required. Instead of repeatedly (manually) obtaining that auth token, or cluttering up a workspace with a string of HTTPCallers to do the auth flow, an FME web service and web connection can be used. 

For more information, please read this article: Web Connections and FME
 

Prerequisites 

Creating a web service requires some understanding of authorization and authentication, so it is recommended to review the Microsoft documentation: Authentication and authorization basics for Microsoft Graph.
Many of the steps in this tutorial will refer to Microsoft documentation.

Please note that setting up web services, web connections and custom ‘connector’ transformers relies heavily on external (to FME) documentation and services. Any content linked or screenshots are subject to change.

It is recommend to have both FME and Azure Portal open at the same time to copy information between the two.
 

Step-by-Step Instructions

1. Register your application with the Microsoft identity platform

In order to get a token, the application must first be registered with the Microsoft identity platform, which is done through the Azure Portal.

Registering your application integrates it with the identity platform and will provide the information needed to get tokens, such as:

  • Application (Client) ID
  • Redirect URI
  • Application (Client) Secret
  • Tenant

All of these are requirements in FME to set up a web service:

Screen Shot 2021-03-23 at 9.44.03 AM.png

Follow these instructions to register your application: Register an application with the Microsoft identity platform

 

For the platform and redirect uri configuration, leave it set to Web and you can use http://localhost

Screen Shot 2021-03-31 at 2.51.16 PM.png

If your web connection will be on FME Server, you may need to add an additional redirect uri of http(s)://<YourFMEServerHostname>/fmeoauth

You can enter additional URIs on the Authentication blade in the Azure Portal.


The Application (client) ID can be found on the Overview page of the App Registration:

Screen Shot 2021-04-06 at 4.13.24 PM.png
 

2. Edit the Microsoft Teams (Graph) web service in FME

In FME, you will need to create a new web service. To access the below dialog window, open FME Options > Web Connections > Manage Web Services > Microsoft Teams (Graph)

You will need to enter in the Application (client) ID and redirect URI obtained in step 1.

Screen Shot 2021-04-06 at 7.03.56 PM.png

3. Configure application permissions

In Azure Portal you will need to configure the permissions that the application will need.

If you’re unsure what permissions to give, you can use the Microsoft permissions reference or the Microsoft Graph REST API
v1.0 reference
.

For the MicrosoftTeamsConnector, you will need the below permissions:

Microsoft Graph:
Channel.ReadBasic.All
ChannelMessage.Send
Directory.Read.All
Group.Read.All
User.Read
 

These are obtained from the following API calls in the MicrosoftTeamsConnector:

List joinedTeams 
List channels 
Create chatMessage in a channel 
Get filesFolder
List children of a driveItemAccess a group team site

You will need to grant admin consent for your organization:

Screen Shot 2021-06-11 at 11.47.31 AM.png

4. Obtain Client Secret

Within your app registration in Azure Portal, select Certificates & secrets. Under Client secrets, click New client secret to create a new secret. You can configure a description and expiration interval. You must copy the value of the new secret at this point as the full value of the client secret is only displayed to you once. Ensure that you’re copying the secret value, and not the ID.

Screen Shot 2021-04-06 at 4.02.46 PM.png

Copy this client secret to the Microsoft Teams (Graph) web service definition in FME.
 

For Microsoft's examples of how to do this, see here or here.


5. Configure the tenant

FME will request permission by making an authorization request. FME needs to know what the authorization endpoint is and that includes the tenant.

Screen Shot 2021-04-06 at 7.17.33 PM.png

To find your tenant read this page: Microsoft identity platform endpoints 

The tenant value will depend on the accounts you chose to support when registering the application. If your application is single-tenant, your tenant value will be your tenant ID. If your application is multi-tenant your tenant value will be common.
 

If you’re unsure, you can check in the Azure Portal, either on the Authentication blade:

Screen Shot 2021-03-31 at 2.06.59 PM.png

or by clicking on Endpoints on the overview page:

Screen Shot 2021-03-23 at 7.43.12 PM.png

Copy these endpoints into your web service definition in FME:

Screen Shot 2021-04-06 at 4.10.29 PM.png

6. Test the web service

Now that the web service is configured in FME, click Apply and then Test.
You should be prompted to sign into your Microsoft account.
If it is successful you can go on to create a Microsoft Teams web connection.

Screen Shot 2021-04-06 at 4.06.47 PM.png

If it fails, the error message should provide insight into why.

 

 

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.