05/2022 - rev 2
Oort can integrate with one or more Microsoft Teams instances to provide notifications and in some cases automation of frequently recurring identity tasks.
This document is intended for identity security, IAM, and IT administrators responsible for integrations between identity, security, and collaboration platforms, including notifications, alerting, and incident remediation.
Integrating the Oort platform with your Teams environment allows for fast notification and remediation of both failed identity health checks and individual user identity issues or investigations.
For more information, please see the corresponding article detailing different types of notifications and collaboration available from Oort.
The following requirements exist for the Teams notifications integration:
- Azure AD must first be configured in your Oort tenant for the Azure tenant that underlies your Teams environment.
- A Teams admin account is required to upload the Oort Bot for Teams via the Teams admin center.
- A Team or Channel owner role is required to add the Oort Bot app to the desired channel.
The current steps to configure this functionality are as follows.
- Configure the Azure AD integration for your Oort team to the corresponding Azure tenant where the Teams environment resides (required).
- Contact your Oort representative or email firstname.lastname@example.org to inform them that you would like to enable Teams notifications as a feature.
- The Oort team will provide the Oort Teams bot installation package.
- Install the Oort Teams communication bot in your Teams tenant as an administrator.
- Configure Teams notifications for the desired checks and events in the Oort console.
From within the Teams admin center console, select Teams apps -> Manage apps.
Click + Upload and then Upload again.
Select the ZIP file provided by the Oort solutions team and upload it.
After successful upload, click the link to manage the app.
From here you will see the details of the app.
To add the app to a Team or Channel, perform the following steps.
Note - You must be signed into Teams with an account that has the Owner role for the Team and Channel where you want to install the Oort Bot for use in your organization.
Select the desired Team and click the three dot menu. Select Manage team.
Select the Apps tab and then the More apps button on the right. Click the Oort Bot. If there are many apps under Built for your org, click See all on the right side.
Click Add to a team.
Select the desired Team and channel and click Install bot.
If you receive a Something went wrong message, this means that the account you're signed into Teams with is not an owner of that Team or channel and doesn't have permissions to install applications. Sign out and sign in with an account that is an owner of the desired Team.
From the Manage channel -> Apps tab, you should now see the Oort Bot in your app list.
Please proceed to the next section.
Within your Oort tenant console, navigate to Integrations and Add Integration. You should now see a Microsoft Teams tile under the Notification Targets category.
Click + Add MS Teams Target.
Provide a Name and Description for the notification target. NOTE - more than one target can be configured to the same Teams tenant.
Select either Failed checks or Data collection, or both, for the types of notifications to send to this target.
- Failed checks notifications provide Teams notifications on a daily basis of net-new users failing specific health checks. Please see below.
- Data collection provides a daily update notification upon successful user data collection from one or more integrations.
Select the desired Microsoft Teams environment.
Enter the name of the channel where the notifications should go.
You will now see a Teams entry for both Instant Messaging (direct messages to users or their managers) and Notification targets.
You can test connectivity using the three dot menu on the right side of the integration object.
A successful test message will be sent to the channel.
Now that the Teams integration is in place, configure one or more health check types to send notifications to the configured channel.
For example, for the Inactive Users check, you can send Failure Reports to the Teams notification targets once a day. This occurs when data is collected and processed by Oort.
You can also send direct messages to users or their manager upon failure of a particular check. This is useful when the user or the manager can take direct action to remediate the issue.
For example, a manager of an inactive user can submit a ticket or begin the process to deactivate an inactive user account if that user no longer needs access.
Should it be necessary to delete the Oort app from your Teams environment, simply find it in the Manage apps screen and click it to see details.
From this screen, the three dot menu will provide an option for Actions -> Delete.