This is a feature in Kantega SSO to support running the Atlassian products Confluence, Jira, Bamboo, and Bitbucket as apps in Microsoft Teams. Kantega SSO also gives you single sign-on using your users' identity from Azure AD. If you are planning on running Microsoft Teams in browsers and not only as a standalone app, you will have to consider getting SameSite cookies to work for the Atlassian apps when loaded in the Teams app, because of issues with iframes and SameSite cookies. This problem is explained here: https://jira.atlassian.com/browse/CONFSERVER-59298
How Confluence may look as an integrated app inside Microsoft Teams after SSO
To make Confluence, Jira, Bamboo, or Bitbucket run inside Teams and offer SSO, a few steps are necessary. These are:
I. For Confluence only: Disable anti-clickjacking protection, as it is too strict to allow Confluence to be added in a Teams app, and enable similar protection in Kantega SSO that allows for usage in Teams.
II. In Azure AD, either add the relevant Teams SSO configuration to the existing OIDC client application that you set up when configuring Kantega SSO, or create a new Teams SSO client application setup. The latter is especially relevant if your current client application setup is using SAML.
III. Create a Teams app with the relevant URLs and values to allow SSO for your Atlassian product and publish this in your company’s Teams tenant.
IV. Turn on Teams SSO login in Kantega SSO and test your setup.
Parts of this guide are based on this guide from Microsoft: https://docs.microsoft.com/en-us/microsoftteams/platform/sbs-tabs-and-messaging-extensions-with-sso?tabs=vs2019
The four steps above are described in detail below for Jira.
2. Turn on the Content Security Policy switch to give similar protection while allowing Confluence to be loaded in Microsoft Teams.
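A header check for the framing and cookie requirements described in the introduction and in the Content Security Policy step above, added here as an example (it is not Kantega's or Atlassian's code). The Teams host allowlist, the cookie name and the sample responses are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Assumption: hosts that may frame the app; take the current list from Microsoft's Teams docs.
TEAMS_ANCESTORS = {"teams.microsoft.com", "*.teams.microsoft.com"}

def frame_ancestors(csp):
    """Return the frame-ancestors sources of a CSP header value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def audit(headers, set_cookies):
    """headers: dict of response headers; set_cookies: list of Set-Cookie header values."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    sources = frame_ancestors(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").strip().upper()
    if sources is None:
        # Without frame-ancestors, X-Frame-Options alone decides who may frame the page.
        if xfo in ("DENY", "SAMEORIGIN"):
            findings.append(f"X-Frame-Options {xfo} without frame-ancestors: Teams cannot frame the app")
        else:
            findings.append("no framing restriction: any site may frame the app")
    else:
        # Drop keywords such as 'self' and strip the scheme to compare host sources.
        hosts = {s.split("://", 1)[-1] for s in sources if not s.startswith("'")}
        if not hosts <= TEAMS_ANCESTORS:
            findings.append("frame-ancestors allows sources outside the Teams allowlist")
        if not hosts & TEAMS_ANCESTORS:
            findings.append("frame-ancestors does not allow Teams")
    for raw in set_cookies:
        for name, morsel in SimpleCookie(raw).items():
            # Cookies sent inside a cross-site iframe need SameSite=None together with Secure.
            if morsel["samesite"].lower() != "none" or not morsel["secure"]:
                findings.append(f"cookie {name}: not sent in the Teams iframe without SameSite=None; Secure")
    return findings

# Constructed sample responses, not captured from a real instance.
GOOD_HEADERS = {"Content-Security-Policy":
                "frame-ancestors 'self' https://teams.microsoft.com https://*.teams.microsoft.com"}
GOOD_COOKIES = ["JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=None"]
BAD_HEADERS = {"X-Frame-Options": "SAMEORIGIN"}
BAD_COOKIES = ["JSESSIONID=abc123; Path=/; HttpOnly"]

if __name__ == "__main__":
    for label, hdrs, cookies in (("good", GOOD_HEADERS, GOOD_COOKIES), ("bad", BAD_HEADERS, BAD_COOKIES)):
        print(label, audit(hdrs, cookies) or "OK")
```

Feed it the headers of a login page response from your own instance; an empty list means the response can be framed by the allowlisted Teams hosts only and its cookies carry the attributes needed inside the iframe.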
2.
You may search for the Client ID in the search bar of Azure AD. Open your existing client application and skip to point 6.
3. Press New registration, set a name for your new client application and press Register. You do not have to fill in any of the other fields on this page.
4. Copy the Client ID to use in later steps.
6. Click into API permissions and Add permissions.
8. Press
9. Click api:// Please note the “-” between the two values above. Copy the api address for later use and press
11. Add Microsoft Teams client application IDs by pressing
Make sure to select Authorized scopes before you press
Afterwards this section should look like this:
12. Then go to the
2. Go to
3. On the Basic information page you may give suitable values for your app. All the values below must be set to allow the application to be published later:
4.
6. The app should now be ready and you should click left menu
7. Now you must use a Teams Administrator account to approve the app. Please navigate to Teams Administration
8. Click the new app in the list and click
9. Your new app should in a short while be searchable from Teams.
10. Your users may now search to find the app in Teams and add it either to the left menu in Teams or as a tab in a Teams group or chat window. If you have problems adding as a group app because the
Enable Microsoft Teams SSO login in Kantega SSO
2. Navigate to Client config tab
If you were reusing one or more OIDC client application(s) in Azure AD, you should not need to set Client ID and Client Secret here.
If you set up a new client application in Azure AD, also enter the values of Client ID and Client Secret.
3. Finally, you should be able to log in to your Atlassian product in a Teams app.