Microsoft Teams Notifications

This channel provides notifications via Microsoft Teams.

If you enable this channel, you also need to:

Receipient Identification

Messages are sent using the user’s External ID, which is linked via Microsoft Entra ID, given this channel is active in a security system with Microsoft Entra ID. In contrast, the user’s email address is used, if the External ID is not set (e.g. for local users) or if the Microsoft Entra ID is not configured.

Template

 1# yaml-language-server: $schema=https://json-schema.axonivy.com/ivy/12.0.11/ivy.json
 2# Mail Channel for the 'default' Security System
 3# [engineDir]/configuration/ivy.yaml 
 4SecuritySystems:
 5  default:
 6    Notification:
 7      Channels:
 8        microsoft-teams:
 9          Name: microsoft-teams
10          Enabled: true
11          Events:
12            AllKinds: enabled
13            Kinds:
14            - new-task
15          Config:
16            TenantId: 00000000-0000-0000-0000-000000000000
17            ClientId: 00000000-0000-0000-0000-000000000000
18            TechnicalUser:
19              Mail: example@example.com
20              Password: password
21            Proxy:
22              Url: https://proxy.local
23              UserName: proxyUser
24              Password: "${encrypt:proxyPassword}"

Reference

 1# Microsoft Entra ID Tenant ID
 2TenantId: ""
 3# Client ID provided by Microsoft Entra ID when registering the application for sending messages
 4ClientId: ""
 5
 6# The login credentials of the technical user used for sending messages
 7TechnicalUser:
 8  # Mail address of the technical user used for sending messages
 9  Mail: ""
10  # Password of the technical user used for sending messages
11  Password: ""
12
13Proxy:
14  # Url of the forward proxy
15  Url: ""
16  # Username to authenticate against the forward proxy
17  UserName: ""
18  # Password to authenticate against the forward proxy
19  Password: ""

Technical User

Visit the Microsoft 365 admin center and create a new user by navigating to Users > Active users and clicking on Add a user. Give the user a display name that represents your Ivy Portal (e.g. “Ivy”). Other users will receive notifications in the form of chat messages by this user. Remove the checkmarks for Automatically create a password and Require this user to change their password when they first sign in. Provide the user with a secure password and keep note of it. Also, provide the user with a product license to be able to use Microsoft Teams.

Add a user - Set up the basics
Add a user - Assign product licenses

After creating the user, turn off multifactor authentication by clicking on the user and then Manage multifactor authentication. Make sure no other policies require the user to change their password regularly or prevent them from logging in for any other reasons.

Manage multifactor authentication

Add the mail address (TechnicalUser.Mail) and password (TechnicalUser.Password) of the technical user to the configuration of the Microsoft Teams Notification Channel.

Application

Visit the Microsoft Entra admin center and follow these instructions to register an application with the Microsoft identity platform. On step 5, choose Accounts in this organizational directory only.

Register an application

Navigate to Applications > Enterprise Applications and click on the newly registered application. Navigate to Properties in the section Manage. Set Assignment required? to Yes.

Application - Properties

Navigate to Users and Groups in the section Manage. Click on Add user/group > Users and groups and search for, select, and assign the technical user you created before. (See Technical User)

Application - Users and groups

Navigate to Applications > App registrations and click on the newly registered application. If you can not see it, make sure to change the selected tab to All applications. Navigate to Authentication in the section Manage. Set Allow public client flows to Yes.

Application - Authentication

Navigate to API permissions in the section Manage. Click on Add a permission > Microsoft Graph > Delegated permissions and search for, select, and add the following permissions:

  • Chat.Create

  • ChatMessage.Send

  • User.Read

Click on Grant admin consent for <tenant> above the table with the permissions and confirm the dialog.

Application - API permissions

Add the ID of your tenant (TenantId) and newly created application (ClientId) to the configuration of the Microsoft Teams Notification Channel.