Azure presence permissions for OneBot

Understand how to configure Azure presence permissions for OneBot

Written By Ben Lehmann

Last updated 7 months ago

Overview of OneBot Azure presence permissions

This article shows how OneBot uses Teams Presence information. Authorising OneBot to read the presence status of your organisation members enables OneBot to see which agents are available to support service users. Some OneBot actions also use presence information.

⚠️ Caution

This article does not provide guidance on how your organisation’s Azure access should be configured. Appropriate configuration for your organisation’s app and Azure tenancy is determined by your organisation and ideally follows Microsoft best practice guidance.

Understanding Azure presence permissions

What are presence and permissions?

Presence is part of a user's profile in Microsoft Teams. Presence indicates a Teams user's current availability and status to other users. Some of OneBot’s features and actions use Teams presence to understand which user agents are available to support your service users.

In order for a hand off to succeed, it is necessary for OneBot to query the presence (e.g. Online, Away, etc) of chat users to ensure that the user to which the end user is to be connected is online and available. In the case of Microsoft Teams, OneBot must be granted permission to query this information.

Permissions are a feature of Azure. They are access and activity rights that that can be granted to users, roles, groups, apps, (etc. etc.) and collectively control what activities may be performed and what areas may be accessed. Permissions are typically configured as part of a role within Microsoft Azure’s role-based access control (RBAC).

This article does not illustrate how to provide access to Azure permissions using role-based access control. Rather, the focus is on aiding understanding that giving access to presence information enables OneBot to provide value.

Creating an Azure presence permission

The process followed here illustrates a way OneBot might be configured to read Teams presence information in Azure. The optimal approach for your organisation will likely differ.

Setting the App Directory ID

Go to the Azure Portal (https://portal.azure.com) and log in. This will take you to the Azure Portal home page.

Use the Search Bar at the top of the page to search for “App Registrations” and select “App Registrations”.

This will list your registered applications, one of which should be your previously registered OneBot App. Click the name of your OneBot App to be taken to the individual setting for that App.

Find and copy the “Directory ID” value listed in the “Essentials” section:

Open the Microsoft Team configuration settings in the OneBot Administration Portal and paste the Directory ID copied in the previous step into the Directory ID field.

Adding the Redirect URL

Return to the Azure Portal and click “Add a Redirect URI”.

Click the “Add a platform” link on the Authentication screen.

Choose the “Web” application option from the panel that is displayed.

Return to the Microsoft Teams settings in the OneBot Administration Portal and copy URL displayed in the Endpoint field.

Return to the Azure Portal and paste the URL copied in the last step into the “Redirect URI” field and replace the word “hook” in the URL with the word “redirect”.

Click the “Configure” button to confirm these settings and be returned to the App Authentication page which should now display the newly configured Redirect URI.

Granting Presence Permissions

Select the “API Permission” option in the Microsoft Azure Portal. This can be found under the “Manage” category in the left-hand. Click the “Add a permission” button.

Select the “Microsoft Graph API” option from the panel that appears.

Select the “Delegated permissions” option.

Enter the word “Presence” in the search bar underneath the “Select permissions” heading. This will locate the permissions related to Microsoft Teams presence information. Select the “Presence.Read” and “Presence.Read.All” permissions and click “Add Permissions”. This will grant OneBot the permissions to read the presence information for users to determine if they are available for a hand off.

Successfully Granted Permissions will be displayed in the “Configured Permissions” table.

Granting Presence Permissions

Return to the OneBot Administration Portal and click the “Authorize” button.

This will open the Microsoft authorization page. Clicking “Accept” will grant OneBot access to user presence information. Upon successful completion, you will be returned to the Microsoft Teams Configuration in the OneBot Administration Portal as seen in the image above.

Resources for Azure permissions

Teams Presence - Understand Teams Presence and sharing user's availability with other users.

Microsoft Azure’s role-based access control (RBAC) - Understand role-based access control.