-
Notifications
You must be signed in to change notification settings - Fork 203
Multi tenancy Support for Microsoft Entra app
When SSO is enabled, Teams Toolkit will by default provision a single-tenant Microsoft Entra app, which means only user and guest accounts in the same directory as your M365 account can successfully sign in to your Teams app.
To support multi-tenant, you can follow the steps below to update your TeamsFx project.
Note: This document is only for TeamsFx projects that have already enabled single sign on.
This part is only for TAB projects for ts/js. If you are working on a Bot/Messaging Extension or a VS project, please go to Update your project.
Since Microsoft Entra app requires an "tenant verified domain" for
Application ID URI
, you can use your own Custom Domain or Create a new Custom Domain on Azure.
-
Provision your TeamsFx project.
-
Note Frontend Info.
- Open
.fx\env\.env.{envName}
file - Note the
TAB_ENDPOINT
and find the resource group.
-
Login to Azure portal, create a CDN profile and a CDN endpoint, select endpoint type as Storage static website, then point to your frontend hosting storage. Learn More
-
Navigate to your created CDN endpoint and copy the endpoint hostname. For example, "https://sample.azureedge.net"
-
(Optional) Provision CDN Profile on Azure Portal
-
Login to Azure portal, create a CDN profile and a CDN endpoint, select endpoint type as Storage static website, then point to your frontend hosting storage. Learn More
-
Navigate to your created CDN endpoint and copy the endpoint hostname. For example, "https://sample.azureedge.net"
Note: If you have a Custom Domain, you can skip this part. Remember to point your Custom Domain to the Frontend Domain noted in step 2.
- Update Frontend Info.
-
Open
infra\azure.bicep
file, and find the following two lines:output TAB_DOMAIN string = siteDomain output TAB_HOSTNAME string = siteDomain output TAB_ENDPOINT string = 'https://${siteDomain}'
-
Replace
siteDomain
with your CDN endpoint as following. Note you need to use your CDN endpoint copied above.
output TAB_DOMAIN string = 'sample.azureedge.net'
output TAB_HOSTNAME string = 'sample.azureedge.net'
output TAB_ENDPOINT string = 'https://sample.azureedge.net'
-
Run "Teams - Provision in the cloud" and "Teams - Deploy to the cloud" or press F5 to start local debug.
Please refer to the Setup CDN as storage custom domain to config custom domain.
Note: you can skip the last
Provision
andDeploy
step since we will do this after everything is setup.
This part is only for TAB projects with Azure Function.
- Open
./infra/azure.bicep
, find the following lines:and replace the tabDomain in cors.allowedOrigins with your Custom Domain.resource functionApp 'Microsoft.Web/sites@2021-02-01' = { ... properties: { ... cors: { allowedOrigins: [ tabDomain ] } ... } ...
-
Open
./aad.manifest.json
, findsignInAudience
and set value asAzureADMultipleOrgs
. -
Open
infra/azure.parameter.${env}.json
and find the following line:"m365TenantId": "{{state.fx-resource-aad-app-for-teams.tenantId}}",
and replace with:
"m365TenantId": "common",
Build Custom Engine Copilots
- Build a basic AI chatbot for Teams
- Build an AI agent chatbot for Teams
- Expand AI bot's knowledge with your content
Scenario-based Tutorials
- Send notifications to Teams
- Respond to chat commands in Teams
- Respond to card actions in Teams
- Embed a dashboard canvas in Teams
Extend your app across Microsoft 365
- Teams tabs in Microsoft 365 and Outlook
- Teams message extension for Outlook
- Add Outlook Add-in to a Teams app
App settings and Microsoft Entra Apps
- Manage Application settings with Teams Toolkit
- Manage Microsoft Entra Application Registration with Teams Toolkit
- Use an existing Microsoft Entra app
- Use a multi-tenant Microsoft Entra app
Configure multiple capabilities
- How to configure Tab capability within your Teams app
- How to configure Bot capability within your Teams app
- How to configure Message Extension capability within your Teams app
Add Authentication to your app
- How to add single sign on in Teams Toolkit for Visual Studio Code
- How to enable Single Sign-on in Teams Toolkit for Visual Studio
Connect to cloud resources
- How to integrate Azure Functions with your Teams app
- How to integrate Azure API Management
- Integrate with Azure SQL Database
- Integrate with Azure Key Vault
Deploy apps to production