diff --git a/msteams-platform/TOC.yml b/msteams-platform/TOC.yml index 575ca795863..728c8cabea2 100644 --- a/msteams-platform/TOC.yml +++ b/msteams-platform/TOC.yml @@ -66,7 +66,7 @@ - name: Add cloud resources and API connection href: toolkit/add-resource.md displayName: application, endpoint - - name: Add SSO to Teams app + - name: Add authentication to Teams agent or app href: toolkit/add-single-sign-on.md - name: Enable SSO for Teams app href: toolkit/develop-single-sign-on-experience-in-teams.md diff --git a/msteams-platform/toolkit/add-single-sign-on.md b/msteams-platform/toolkit/add-single-sign-on.md index 84fc5adb03f..7a13b135a8b 100644 --- a/msteams-platform/toolkit/add-single-sign-on.md +++ b/msteams-platform/toolkit/add-single-sign-on.md @@ -1,32 +1,26 @@ --- -title: Add single sign-on to your Teams apps -description: In this module, learn how to add single sign-on (SSO) of Microsoft 365 Agents Toolkit, enable SSO support, and update your application to use SSO. +title: Add autentication to your Teams agent or apps +description: In this module, learn how to add single sign-on (SSO) of Microsoft 365 Agents Toolkit, enable SSO support, and update your agent or app to use SSO. ms.localizationpriority: medium ms.topic: overview -ms.date: 05/20/2022 +ms.date: 04/15/2026 --- -# Add single sign-on to Teams app +# Add authentication to Teams agent or app -Microsoft Teams provides single sign-on (SSO) function for an app to obtain signed in Teams user token to access Microsoft Graph and other APIs. Microsoft 365 Agents Toolkit (previously known as Teams Toolkit) facilitates the interaction by abstracting few of the Microsoft Entra ID flows and integrations behind simple APIs and enables you to add SSO features easily to your Teams app. +Microsoft Teams supports adding authentication to your agents or apps. You can add single sign-on (SSO) or OAuth authentication. Microsoft 365 Agents Toolkit (formerly Teams Toolkit) enables you to add authentication using Microsoft 365 Agents SDK and Teams SDK as well. -## Add SSO to Teams app for Microsoft Visual Studio Code +For more information, see [authenticate users in Microsoft Teams](../concepts/authentication/authentication.md) and [add authentication using Teams SDK](/microsoftteams/platform/teams-sdk/teams/user-authentication/overview). -For apps that interact with the user in a chat, Team, or channel, SSO manifests as an Adaptive Card, which the user can interact with to invoke the Microsoft Entra consent flow. +## SDK options for adding authentication -## Enable SSO support +Based on how you distribute your agent or app, use one of the following SDKs: -Agents Toolkit helps you to add SSO to the following Teams capabilities in Visual Studio Code: +- Use [Teams SDK](/microsoftteams/platform/teams-sdk/teams/user-authentication/overview) to add SSO authentication to your Teams agents. +- Use [Microsoft 365 Agents SDK](/microsoft-365/agents-sdk/microsoft-authentication-library-configuration-options) to add authentication to agents that extend across Microsoft 365. -* Tab -* Bot -* Notification bot: express server -* Command bot -* Workflow bot -* Message extension +## View how-to guide for adding SSO using Microsoft Agents Toolkit -### Add SSO using Visual Studio Code - -You can perform the following steps to add SSO using Agents Toolkit in Visual Studio Code: +Follow these steps to add SSO authentication using Agents Toolkit: 1. Open **Visual Studio Code**. 2. Select **Microsoft 365 Agents Toolkit** from the Visual Studio Code activity bar. @@ -34,21 +28,23 @@ You can perform the following steps to add SSO using Agents Toolkit in Visual St :::image type="content" source="~/assets/images/toolkit-v2/manual/select-view-how-to-guides.png" alt-text="Screenshot shows the option to select View How-to Guides under Development."::: -4. From the dropdown list, select **Develop Single Sign-On Experience in Teams**. You're redirected to the respective How-to guide. +4. From the dropdown list, select **Develop Single Sign-On Experience in Teams**. You're redirected to its how-to guide. :::image type="content" source="../assets/images/toolkit-v2/add-sso/sso-select features_1.png" alt-text="Screenshot shows the Single Sign-on feature highlighted in red in the Visual Studio Code."::: |**Development** | **How-to Guide** | | -------- | --------| - |Develop Single Sign-on Experience in Teams | [Enable single sign-on for tab app](develop-single-sign-on-experience-in-Teams.md) | + | Add SSO authentication to agents and apps using Teams SDK | [SSO setup for agents and apps](/microsoftteams/platform/teams-sdk/essentials/app-authentication?pivots=csharp) | + | Develop SSO experience in Teams tab app | [Enable single sign-on for tab app](develop-single-sign-on-experience-in-Teams.md) | + | Develop SSO experience in Teams bot and message extension app | [Enable SSO for your bot and message extension](../bots/how-to/authentication/bot-sso-overview.md) | > [!NOTE] -> When SSO is enabled, Agents Toolkit by default provisions a single-tenant Microsoft Entra app, which means only user and guest accounts in the same directory as your M365 account can sign in to your Teams app. For more information on supporting multitenant to update your TeamsFx project, see [Multi-tenancy support for Microsoft Entra app](https://github.com/OfficeDev/TeamsFx/wiki/Multi-tenancy-Support-for-Azure-AD-app). +> When SSO is enabled, the Agents Toolkit automatically creates a dedicated Microsoft Entra app. This setup allows only users and guest accounts within the same directory as your M365 account to access your Teams agent or app. +> +> For more information on supporting multitenant to update your TeamsFx project, see [multi-tenancy support for Microsoft Entra app](https://github.com/OfficeDev/TeamsFx/wiki/Multi-tenancy-Support-for-Azure-AD-app). ## See also -* [Microsoft 365 Agents Toolkit Overview](agents-toolkit-fundamentals.md) -* [Prerequisites for creating your Teams app](tools-prerequisites.md) -* [Enable SSO for tab app](../tabs/how-to/authentication/tab-sso-overview.md) -* [Enable SSO for your bot and message extension](../bots/how-to/authentication/bot-sso-overview.md) -* [Prepare Accounts to build your Teams app](tools-prerequisites.md#accounts-to-build-your-teams-agent-or-app) +- [Microsoft 365 Agents Toolkit Overview](agents-toolkit-fundamentals.md) +- [Prepare Accounts to build your Teams app](tools-prerequisites.md#accounts-to-build-your-teams-agent-or-app) +- [Configure your .NET agent to use OAuth using Microsoft 365 Agents SDK](/microsoft-365/agents-sdk/agent-oauth-configuration-dotnet) diff --git a/msteams-platform/toolkit/develop-single-sign-on-experience-in-Teams.md b/msteams-platform/toolkit/develop-single-sign-on-experience-in-Teams.md index 51a67658094..b78bf8a7efb 100644 --- a/msteams-platform/toolkit/develop-single-sign-on-experience-in-Teams.md +++ b/msteams-platform/toolkit/develop-single-sign-on-experience-in-Teams.md @@ -2,35 +2,57 @@ title: Develop Single Sign-on Experience description: Learn how to develop single sign-on experience in Teams app using Microsoft 365 Agents Toolkit. ms.topic: reference -ms.date: 12/17/2024 +ms.date: 04/15/2026 ms.localizationpriority: medium --- -# Enable single sign-on for Teams app + + -Microsoft Teams provides single sign-on (SSO) function for an app to obtain signed in Teams user token to access Microsoft Graph and other APIs. Microsoft 365 Agents Toolkit (previously known as Teams Toolkit) streamlines the process by incorporating certain Microsoft Entra workflows and integrations into straightforward, high-level APIs. As a result, you can effortlessly incorporate SSO capabilities into your Teams app. For more information, see [authenticate users in Microsoft Teams.](../concepts/authentication/authentication.md) +# Enable single sign-on for Teams agent and app + +Microsoft 365 Agents Toolkit (formerly Teams Toolkit) simplifies adding SSO authentication to your agents and apps. The toolkit abstracts few of the Microsoft Entra ID flows and integrations behind simple APIs, enabling you to add SSO features easily to your Teams agent or app. ## Key configurations -To enable SSO, configure your Teams app as follows: +To enable SSO, configure your Teams agent and app as follows: * **Microsoft Entra app manifest**: Ensure to define URIs, including the URI that identifies the Microsoft Entra authentication app and the redirect URI that returns the token. -* **Teams app manifest**: Connect your SSO app to your Teams app by incorporating the correct configuration. +* **Teams app manifest**: Connect your Microsoft Entra authentication app to your Teams agent or app by incorporating the correct configuration. + +* **Agents Toolkit configuration and infra files**: Ensure the necessary configurations are in place to enable SSO for your Teams agent or app. + +* **SSO app information in Agents Toolkit configuration files**: Ensure the Microsoft Entra authentication app is registered with the backend service, and that the Agents Toolkit triggers it when debugging or previewing the Teams agent or app. + +## Enable SSO for Teams agents + +Microsoft Teams supports single sign-on (SSO), which allows an agent or app to securely request an access token for the currently signed-in Teams user. This token can then be used to call Microsoft Graph and other protected APIs without prompting the user to sign in again. + +You can enable [SSO authentication for users with Teams SDK](/microsoftteams/platform/teams-sdk/teams/user-authentication/sso-setup). -* **Agents Toolkit configuration and infra files**: Ensure the necessary configurations are in place to enable SSO for your Teams app. +## Enable SSO for Teams apps -* **SSO app information in Agents Toolkit configuration files**: Ensure the authentication app registers on the backend service and Agents Toolkit initiates it during the debugging or previewing of the Teams app. +Choose one of the following to enable SSO for your Teams app: # [Tab app](#tab/tab-app) -## Create Microsoft Entra app manifest +To enable SSO for your tab app: + +1. [Create Microsoft Entra app manifest](#create-microsoft-entra-app-manifest) +1. [Update Teams app manifest](#update-teams-app-manifest) +1. [Update Agents Toolkit configuration files](#update-agents-toolkit-configuration-files) +1. [Update source code](#update-source-code) +1. [Debug your app](#debug-your-app) +1. [Customize Microsoft Entra app](#customize-microsoft-entra-app) + +### Create Microsoft Entra app manifest 1. Download the Microsoft Entra app manifest [template](https://github.com/OfficeDev/microsoft-365-agents-toolkit/blob/dev/packages/fx-core/templates/plugins/resource/aad/manifest/tab/aad.manifest.template.json). -1. Add the downloaded app manifest template code to `./aad.manifest.json` file. This allows you to customize different aspects of your app registration and update the manifest as required. For more information, see [app manifest](/entra/identity-platform/reference-app-manifest). +1. Add the downloaded app manifest template code to `./aad.manifest.json` file of your agent or app project. This allows you to customize different aspects of your app registration and update the manifest as required. For more information, see [app manifest](/entra/identity-platform/reference-app-manifest). -## Update Teams app manifest +### Update Teams app manifest In the `./appPackages/manifest.json` file, add the following code: @@ -46,12 +68,14 @@ In the `./appPackages/manifest.json` file, add the following code: > [!NOTE] > You can use `{{ENV_NAME}}` to reference variables in `env/.env.{TEAMSFX_ENV}` file. -## Update Agents Toolkit configuration files +[Back to top](#create-microsoft-entra-app-manifest) + +### Update Agents Toolkit configuration files 1. Locate your Agents Toolkit configuration files, such as `./m365agents.yml` and `./m365agents.local.yml`. Update the required configurations related to Microsoft Entra in these files. 1. Add the `aadApp/create` action under `provision` in `./m365agents.yml` and `./m365agents.local.yml` to create new Microsoft Entra app used for SSO: - + ```yaml - uses: aadApp/create with: @@ -67,7 +91,7 @@ In the `./appPackages/manifest.json` file, add the following code: ``` > [!NOTE] - > Replace the `name` value with the desired name for your Teams app. + > Replace the `name` value with the desired name for your Teams agent or app. For more information, see [`aadApp/create`.](https://github.com/OfficeDev/microsoft-365-agents-toolkit/wiki/Available-actions-in-Teams-Toolkit#aadappcreate) @@ -105,13 +129,15 @@ In the `./appPackages/manifest.json` file, add the following code: REACT_APP_START_LOGIN_PAGE_URL: ${{TAB_ENDPOINT}}/auth-start.html ``` -## Update source code +[Back to top](#create-microsoft-entra-app-manifest) + +### Update source code -With the above changes implemented, your environment is prepared. You can now update your code to incorporate SSO into your Teams app. +With the above changes implemented, your environment is prepared. You can now update your code to incorporate SSO into your Teams agent or app. -### Vanilla JavaScript +#### Vanilla JavaScript -For a tab app that doesn't uses React, use the following code as a basic example to obtain the SSO token: +For a tab app that doesn't use React, use the following code as a basic example to obtain the SSO token: ```javascript function getSSOToken() { @@ -131,7 +157,7 @@ function getBasicUserInfo() { } ``` -### React +#### React For React projects, ensure the following environment variables are set in your deployment process: @@ -152,15 +178,28 @@ To update your source code, follow these steps: For more information, see [SSO enabled tab app.](https://github.com/OfficeDev/microsoft-365-agents-toolkit-samples/tree/dev/hello-world-tab-with-backend) -# [Bot/message extension app](#tab/message-extension-app) +[Back to top](#create-microsoft-entra-app-manifest) -## Create Microsoft Entra app manifest +# [Bot or message extension app](#tab/message-extension-app) + +To enable SSO for your bot or message extension app: + +1. [Create the Microsoft Entra app manifest](#create-the-microsoft-entra-app-manifest) +1. [Update the Teams app manifest](#update-the-teams-app-manifest) +1. [Update the Agents Toolkit configuration files](#update-the-agents-toolkit-configuration-files) +1. [Update Infra configuration](#update-infra-configuration) +1. [Update the source code](#update-the-source-code) +1. [Create the Microsoft Entra app manifest](#create-the-microsoft-entra-app-manifest) +1. [Debug your app](#debug-your-app) +1. [Customize Microsoft Entra app](#customize-microsoft-entra-app) + +### Create the Microsoft Entra app manifest 1. Download the Microsoft Entra app manifest [template](https://github.com/OfficeDev/microsoft-365-agents-toolkit/blob/dev/packages/fx-core/templates/plugins/resource/aad/manifest/bot/aad.manifest.template.json). 1. Add the downloaded app manifest template code to `./aad.manifest.json` file. This allows you to customize different aspects of your app registration and update the manifest as required. For more information, see [app manifest](/entra/identity-platform/reference-app-manifest). -## Update Teams app manifest +### Update the Teams app manifest 1. In the `./appPackages/manifest.json` file, add the following code: @@ -195,12 +234,14 @@ For more information, see [SSO enabled tab app.](https://github.com/OfficeDev/mi ] ``` -## Update Agents Toolkit configuration files +[Back to top](#create-the-microsoft-entra-app-manifest) + +### Update the Agents Toolkit configuration files 1. Locate your Agents Toolkit configuration files, such as `./m365agents.yml` and `./m365agents.local.yml`. Update necessary configurations related to Microsoft Entra in these files. 1. Add the following code `aadApp/create` under `provision` in `./m365agents.yml` and `./m365agents.local.yml` to create new Microsoft Entra apps used for SSO: - + ```yaml - uses: aadApp/create with: @@ -248,7 +289,9 @@ For more information, see [SSO enabled tab app.](https://github.com/OfficeDev/mi M365_APPLICATION_ID_URI: api://botid-${{BOT_ID}} ``` -## Update Infra +[Back to top](#create-the-microsoft-entra-app-manifest) + +### Update Infra configuration Update Microsoft Entra-related configurations in your remote service. The following example shows the configuration settings on an Azure Web App: @@ -315,8 +358,9 @@ To use the `teamsFx` tab or bot template, follow these steps: ```bash WEBSITE_NODE_DEFAULT_VERSION: '14.20.0' ``` +[Back to top](#create-the-microsoft-entra-app-manifest) - ## Update Source Code + ### Update the source code # [Bot](#tab/bot) @@ -387,6 +431,8 @@ To use the `teamsFx` tab or bot template, follow these steps: }); ``` + [Back to top](#create-the-microsoft-entra-app-manifest) + # [Message extension](#tab/messaging-extension) 1. Implement the API key `handleMessageExtensionQueryWithSSO` in `TeamsActivityHandler.handleTeamsMessagingExtensionQuery`. For more information, see [SSO for message extensions](https://github.com/OfficeDev/microsoft-365-agents-toolkit/wiki/SSO-for-Message-Extension). @@ -454,23 +500,24 @@ To use the `teamsFx` tab or bot template, follow these steps: ] ``` - --- + [Back to top](#create-the-microsoft-entra-app-manifest) ---- - -## Debug your app + --- -To debug your app, select the **F5** key. Agents Toolkit uses the Microsoft Entra manifest to register an SSO-enabled app. For more information, see [debug your Teams app locally.](debug-local.md) +### Debug your app -## Customize Microsoft Entra apps +To debug your app, select the **F5** key. Agents Toolkit uses the Microsoft Entra manifest to register an SSO-enabled app. For more information, see [debug your Teams app locally](debug-local.md). -Teams [app manifest](/entra/identity-platform/reference-app-manifest) enables you to customize different aspects of your app registration. You can update the manifest as required. +### Customize Microsoft Entra app -To include additional API permissions to access your desired APIs, see [edit Microsoft Entra manifest](AAD-manifest-customization.md). +Teams [app manifest](/entra/identity-platform/reference-app-manifest) enables you to customize different aspects of your app registration. You can update the manifest as required. See [edit Microsoft Entra manifest](AAD-manifest-customization.md) to: -To view your Microsoft Entra app in Azure portal, see [edit Microsoft Entra manifest](AAD-manifest-customization.md). +* Include additional API permissions to access your desired APIs. +* View your Microsoft Entra app in Azure portal. ## See also * [Enable SSO for tab app](../tabs/how-to/authentication/tab-sso-overview.md) * [Enable SSO for your bot and message extension](../bots/how-to/authentication/bot-sso-overview.md) +* [Authentication setup using Teams SDK](/microsoftteams/platform/teams-sdk/teams/app-authentication/overview) +* [Microsoft 365 Agents SDK](/microsoft-365/agents-sdk/agents-sdk-overview) diff --git a/msteams-platform/toolkit/update-bot-me-app-to-use-certificate-or-msi-for-authentication.md b/msteams-platform/toolkit/update-bot-me-app-to-use-certificate-or-msi-for-authentication.md index d256e20a0fe..a3dc6589833 100644 --- a/msteams-platform/toolkit/update-bot-me-app-to-use-certificate-or-msi-for-authentication.md +++ b/msteams-platform/toolkit/update-bot-me-app-to-use-certificate-or-msi-for-authentication.md @@ -1,34 +1,41 @@ --- -title: Use Certificate or MSI Authentication for Bots -description: Learn how to use certificate or MSI-based authentication for your bot app, which resolves compliance concerns with Microsoft Entra ID and bot secret. +title: Use Certificate or MSI Authentication for Agents and Bots +description: Learn how to use certificate or MSI-based authentication for your agent and bot app, which resolves compliance concerns with Microsoft Entra ID and bot secret. ms.localizationpriority: high ms.topic: overview -ms.date: 10/22/2024 +ms.date: 04/20/2026 --- -# Use certificate or MSI for app authentication + + -You can use certificate- or MSI-based authentication to validate your bot app instead of bot ID and secret. This authentication resolves the compliance concerns related to the use of Microsoft Entra ID and bot secret. +# Use certificate or MSI for agent or app authentication + +You can use certificate- or MSI-based authentication to validate your agent and bot app instead of bot ID and secret. This authentication resolves the compliance concerns related to the use of Microsoft Entra ID and bot secret. ## Prerequisites -Ensure that you have a Teams bot app deployed to Azure with the following resources: +Ensure that you have a Teams agent or bot app deployed to Azure with the following resources: * An Azure bot. -* An Entra ID with a secret used for bot authentication. +* An Entra ID with a secret used for agent or bot authentication. * A resource that hosts your bot app, such as Azure App Service, Azure Functions. +## Update authentication method + +Choose one of the following to update authentication for your Teams agent or app: + # [Update to certificate-based Authentication](#tab/certificate) -To update your bot app to use certificate-based authentication: +To update your agent or bot app to use certificate-based authentication: 1. [Create and upload certificate in Azure AD](#create-and-upload-certificate-in-azure-ad) -1. [Update the bot app code](#update-the-bot-app-code) +1. [Update the agent or bot app code](#update-the-agent-or-bot-app-code) 1. [Delete bot secret](#delete-bot-secret) -## Create and upload certificate in Azure AD +### Create and upload certificate in Azure AD -To use a certificate for bot authentication: +To use a certificate for agent or bot authentication: 1. Prepare a certificate and private key. @@ -59,14 +66,14 @@ To use a certificate for bot authentication: :::image type="content" source="../assets/images/toolkit-v2/upload-certificate.png" alt-text="Screenshot shows the upload certificate option."::: -## Update the bot app code +### Update the agent or bot app code -Follow the steps to update the bot app code: +Follow the steps to update the code for the agent or bot: -1. Open your bot app project in Visual Studio or Visual Studio Code. -1. Update your code. +1. Open your agent or bot project in Visual Studio or Visual Studio Code. +1. Update the code: - # [JavaScript](#tab/js1) + # [JavaScript](#tab/js1) ```javascript const credentialsFactory = new ConfigurationServiceClientCredentialFactory({ @@ -84,7 +91,7 @@ Follow the steps to update the bot app code: const adapter = new CloudAdapter(botFrameworkAuthentication); ``` - # [C#](#tab/cs1) + # [C#](#tab/cs1) ```csharp builder.Services.AddSingleton((e) => new CertificateServiceClientCredentialsFactory("{your certificate}", "{your entra id}")); @@ -92,13 +99,11 @@ Follow the steps to update the bot app code: --- -1. Ensure you test your bot to confirm the operation aligns with the updated authentication. +1. Ensure you test your agent or bot to confirm the operation aligns with the updated authentication. -## Delete bot secret +### Delete bot secret -Ensure that your bot app uses the certificate for authentication before you delete the bot secret. - -To delete the bot secret: +Ensure that your agent or bot uses the certificate for authentication before you delete the bot secret. To delete the bot secret: 1. Go to [Azure portal](https://ms.portal.azure.com). 1. Select **App registrations**. @@ -112,23 +117,23 @@ To delete the bot secret: :::image type="content" source="../assets/images/toolkit-v2/delete-client-secret-value.png" alt-text="Screenshot shows the delete client secret value."::: -Your bot app now uses the certificate for authentication. +Your agent or bot app now uses the certificate for authentication. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI%20ran%20into%20an%20issue%5D%20Update%20to%20certificate-based%20Authentication&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Ftoolkit%2Fupdate-bot-me-app-to-use-certificate-or-msi-for-authentication%3Ftabs%3Dcertificate%252Cjs1%252Cjs2&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Ftoolkit%2Fupdate-bot-me-app-to-use-certificate-or-msi-for-authentication.md&platformId=7d7829c1-68d8-1e75-4de1-a7e56b7dc090&documentVersionIndependentId=fb0fc1e4-02c4-5de2-bed1-da3c33971117&author=surbhigupta&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B**msteams**) # [Update to MSI-based authentication](#tab/msi) -To update your bot app to use MSI-based authentication: +To update your agent or bot to use MSI-based authentication: 1. [Create bot service with MSI type in Azure AD](#create-bot-service-with-msi-type-in-azure-ad) -1. [Update your bot app code for MSI](#update-your-bot-app-code-for-msi) +1. [Update your agent or bot app code for MSI](#update-your-agent-or-bot-app-code-for-msi) 1. [Delete bot secret](#delete-bot-secret-1) > [!NOTE] > The **Azure Bot** service ID and type can't be modified after creation. -## Create bot service with MSI type in Azure AD +### Create bot service with MSI type in Azure AD To create a new **Azure Bot** service with MSI type, follow these steps: @@ -174,14 +179,14 @@ To create a new **Azure Bot** service with MSI type, follow these steps: 1. Add the managed identity that you've created. -## Update your bot app code for MSI +### Update your agent or bot app code for MSI -To update the bot app code for MSI, follow these steps: +Follow the steps to update the code for the agent or bot: -1. Open your bot app project in Visual Studio or Visual Studio Code. -1. Update your code. +1. Open your agent or bot project in Visual Studio or Visual Studio Code. +1. Update the code: - # [JavaScript](#tab/js2) + # [JavaScript](#tab/js2) ```javascript const credentialsFactory = new ConfigurationServiceClientCredentialFactory({ @@ -198,7 +203,7 @@ To update the bot app code for MSI, follow these steps: const adapter = new CloudAdapter(botFrameworkAuthentication); ``` - # [C#](#tab/cs2) + # [C#](#tab/cs2) ```csharp builder.Configuration["MicrosoftAppType"] = "UserAssignedMsi"; @@ -209,15 +214,13 @@ To update the bot app code for MSI, follow these steps: --- -1. Update the `BOT_ID` in your `.env` file. - -1. Ensure you test your bot to confirm its operation aligns with the updated authentication. +1. Update the `BOT_ID` in the `.env` file. -## Delete bot secret +1. Ensure you test your agent or bot to confirm its operation aligns with the updated authentication. -Ensure that your bot app uses the certificate for authentication before you delete the bot secret. +### Delete bot secret -To delete the bot secret: +Ensure that your agent or bot app uses the certificate for authentication before you delete the bot secret. To delete the bot secret: 1. Go to [Azure portal](https://ms.portal.azure.com). 1. Select **App registrations**. @@ -231,7 +234,7 @@ To delete the bot secret: :::image type="content" source="../assets/images/toolkit-v2/delete-client-secret-value.png" alt-text="Screenshot shows the delete client secret value."::: -Your bot app now uses MSI for authentication. +Your agent or bot app now uses MSI for authentication. > [!div class="nextstepaction"] > [I ran into an issue](https://github.com/MicrosoftDocs/msteams-docs/issues/new?template=Doc-Feedback.yaml&title=%5BI%20ran%20into%20an%20issue%5D%20Update%20to%20MSI-based%20authentication&pageUrl=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Ftoolkit%2Fupdate-bot-me-app-to-use-certificate-or-msi-for-authentication%3Ftabs%3Dcertificate%252Cjs1%252Cjs2&contentSourceUrl=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmsteams-docs%2Fblob%2Fmain%2Fmsteams-platform%2Ftoolkit%2Fupdate-bot-me-app-to-use-certificate-or-msi-for-authentication.md&documentVersionIndependentId=fb0fc1e4-02c4-5de2-bed1-da3c33971117&author=muyangamigo&platformId=7d7829c1-68d8-1e75-4de1-a7e56b7dc090&metadata=*%2BID%253A%2Be473e1f3-69f5-bcfa-bcab-54b098b59c80%2B%250A*%2BService%253A%2B**msteams**) @@ -240,6 +243,7 @@ Your bot app now uses MSI for authentication. ## See Also +* [Build your first agent](../agents-in-teams/build-first-agent.md) * [Build bots for Teams](../bots/what-are-bots.md) * [Build message extensions](../messaging-extensions/what-are-messaging-extensions.md) -* [Authenticate users in Microsoft Teams](../concepts/authentication/authentication.md) \ No newline at end of file +* [Authenticate users in Microsoft Teams](../concepts/authentication/authentication.md)