Teams Salesforce Configuration

In Salesforce we need to create a Named Credential that references an External Credential that uses Client flow.

This needs to be done by a Salesforce user with System Administrator permission.

Salesforce System Permissions

In order to create an External Credential, the Salesforce System Administrator must have the following permission:

• Allow users to modify Named Credentials and External Credentials through the Metadata, Tooling and Connected APIs.

Create Server To Server Named Credential

This is used for both meetings and webinars.

Create Server-to-Server External Credential

In Salesforce go to Setup a Named Credentials

• Select External Credentials

  

• Select New

• Fill in the form

  • Label = of your choosing e.g. Teams EC Server To Server

  • Name = of your choosing e.g. Teams_EC_Server_To_Server

  • Authorisation Protocol = OAuth 2.0

  • Authorisation Flow Type = Client Credentials With Client Secret Flow

  • Scope = https://graph.microsoft.com/.default offline_access

  • Identity Provider = https://login.microsoftonline.com/%7btenantId%7d/oauth2/v2.0/token

    • https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token

    • where {tenantId} is your Azure Tenant ID.

  • Save

Create Principal

Associate the External Credential with a Principal.

• Go to Principal

• Click New

• Fill in Form

  • Parameter Name = of your choosing e.g. All

  • Sequence Number = 1

  • Client Id = Azure Application (client) ID

  • Client Secret = the client secret value for the Azure App Registration

• Save

• On saving, the status of the Principal should be Configured.

Create Named Credential

Go to Setup -> Named Credentials

• Click New

• Fill in form

  • Label = of your choosing e.g. Teams NC Server To Server

  • Name = of your choosing e.g. Teams_NC_Server_To_Server

  • URL = https://graph.microsoft.com/

  • Enabled for Callouts = On

  • External Credential = the external credential that was created e.g.Teams EC Server To Server

  • Generate Authorisation Header = Checked

  • Allow Formulas in HTTP Header = Checked

  • Allow Formulas in HTTP Body = Checked

  • Allowed Namespaces for Callouts = evsprk

    

    
    

• Save

Create Interactive Named Credential

This is used for webinars only.

Create Auth. Provider

In Salesforce go to Setup -> Auth. Provider

• Select New

• Provider Type = Open ID Connect

• Fill in form

  • Label = of your choosing e.g. Teams Interactive

  • Name = of your choosing e.g. Teams_Interactive

  • Consumer Key = Azure Application (client) ID

  • Consumer Secret = the client secret value for the Azure App Registration

  • Authorize Endpoint URL = https://login.microsoftonline.com/%7btenantId%7d/oauth2/v2.0/authorize

  • Token Endpoint URL = https://login.microsoftonline.com/%7btenantId%7d/oauth2/v2.0/token

  • Send access token in header -> Checked

  • Include Consumer Secret in SOAP API Responses -> Checked

• Save

• Make a note of the callback URL. This will need to be added to the Azure application that is used for webinars.

Create Interactive External Credential

In Salesforce go to Setup -> Named Credentials

• Select External Credentials

• Select New

• Fill in form

  • Label = of your choosing e.g. Teams EC Interactive

  • Name = of your choosing e.g. Teams_EC_Interactive

  • Authentication Protocol = OAuth 2.0

  • Authentication Flow Type = Browser Flow

  • Scope = https://graph.microsoft.com/.default offline_access

    • Note that the offline_access is needed for the refresh token

  • Authentication Provider = Auth. Provider e.g. Teams Interactive https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token

• Save

Create Principal

Associate the External Credential with a Principal.

• Go to Principal

• Click New

• Fill in Form

  • Parameter Name = of your choosing e.g. PerUser

  • Sequence Number = 1

  • Identity Type = Per User Principal

  • Scope = leave blank

• Save

• On saving, the status of the Principal should be Configured.

Create Named Credential

Go to Setup -> Named Credentials

• Click New

• Fill in the form

  • Label = of your choosing e.g. Teams NC Interactive

  • Name = of your choosing e.g. Teams_NC_Interactive

  • URL = https://graph.microsoft.com/

  • Enabled for Callouts = On

  • External Credential = the interactive external credential e.g. Teams EC Interactive

  • Generate Authorisation Header = Checked

  • Allow Formulas in HTTP Header = Checked

  • Allow Formulas in HTTP Body = Checked

  • Allowed Namespaces for Callouts = evsprk

• Save

Permission Sets

There is a common permission set that is used for both meetings and webinars. If using webinars, an additional permission set, which cannot be assigned to the site guest user, needs to be created.

The common permission set needs to:

• Grant access to the Server To Server External Credential Principal

• Grant Read access to Object User External Credential.

The internal user permission set needs to:

• Grant access to the Interactive External Credential Principal

  • This is for webinars only

For Server To Server Access

Create a new permission e.g. EventSpark Integration

• Select External Credential Principal Access

  • Edit

  • Select the External Credential Principal that was defined for the Client Flow External Credential (Server To Server)

  • Save

• Search for External Credentials

  • Select User External Credentials

  • Select Read Access

  • Save

Assign the permission set to

• Salesforce users who will be creating and wrapping up teams’ meetings and webinars via EventSpark.

For Interactive Access

Create a new permission e.g. EventSpark Integration Internal

• Select External Credential Principal Access

  • Edit

  • Select the External Credential Principal that was defined for the Browser Flow External Credential (Interactive)

  • Save

• Assign the permission set to

  • Salesforce users who will be creating and wrapping up teams’ meetings via EventSpark.

  • Site guest users who will be registering for events.

Configure External Credential

For webinars, the external credential uses Per User Identity. To this end, each Event Manager who creates a Teams webinar from EventSpark, must configure the Teams Interactive External Credential.

To do this

• The Event Manager must be logged into the Salesforce org where EventSpark is installed and the Teams Interactive Named Credential is defined.

• Click on their View Profile

• Select Settings

• Select External Credentials in the Sidebar Navigation

• Select The Teams Interactive External Credential

• Click Allow Access

If successful, it should be marked as configured.

EventSpark Records

To integrate from EventSpark the following records are needed.

Connecting to Teams – Virtual Platform Connection

When the EventSpark application integrates with Teams, it needs to know the name of the authenticated Named Credential. This information is captured on a Virtual Platform Connection record.

The details captured on a Virtual Platform Connection record include:

• Virtual Platform Connection that references the Named Credential

  • e.g. Teams:<your Teams account name>

    • e.g. Teams VPC

• Service Provider

  • Microsoft Teams

• Two new fields have been configured for Microsoft Teams integration

  • This must be a Named Credential Name (not Label).

    • e.g. The Name you provided for your Named Credential

      • “of your choosing e.g. Teams_NC_Server_To_Server”

  • Named Credential Server To Server used for Meeting and Webinar integration

  • Named Credential Interactive used for Webinar integration

  • The original Named Credential field can still be used for meeting integration.

    • We advocate that existing Microsoft Teams Virtual Platform Connection records are updated to capture the Named Credential values in the Named Credential Server To Server field.

  • If using webinars, in addition to specifying the Developer Name of the Server to Server Named Credential, the Developer Name of the Interactive Named Credential must be specified.

• Virtual Venues

  • For type Meeting

    • This must reference the Microsoft Teams Virtual Platform Connection with a Server To Server Named Credential.

  • For type Webinar

    • This must reference the Microsoft Teams Virtual Platform Connection with both a Server To Server Named Credential and an Interactive Named Credential.

  • Note that there are new picklist values for Interactive Options and Joining Options. These are specific to Teams Integration.

  • There is a new Venue field labelled Implied Virtual Option Behavior. This is used to determine whether to apply default settings if an option is not explicitly selected.