Microsoft Teams Notification Integration

Overview

Identity Intelligence can integrate with one or more Microsoft Teams instances to provide notifications and in some cases automation of frequently recurring identity tasks.

Audience

This document is intended for identity security, IAM, and IT administrators responsible for integrations between identity, security, and collaboration platforms, including notifications, alerting, and incident remediation.

Benefits

Integrating the Identity Intelligence platform with your Teams environment allows for fast notification and remediation of both failed identity health checks and individual user identity issues or investigations.

For more information, please see the corresponding article detailing different types of notifications and collaboration available from Identity Intelligence.

Requirements

The following requirements exist for the Teams notifications integration:

  1. Azure AD must first be configured in your Identity Intelligence tenant for the Azure tenant that underlies your Teams environment

  2. A Teams admin account is required to upload the Identity Intelligence Bot for Teams via the Teams admin center

  3. A Team or Channel owner role is required to add the Identity Intelligence Bot app to the desired channel

Important Notes

  1. The Teams app cannot be added to a private Teams channel, due to Microsoft restrictions on third party apps

  2. The current Teams app only connects with US production Identity Intelligence tenants. Cisco is currently developing a separate Teams app package for other deployment zones, such as EU, AU, and JP.

High-level Integration Steps

The current steps to configure this functionality are as follows.

  1. Configure the Azure AD integration for your Identity Intelligence team to the corresponding Azure tenant where the Teams environment resides (required)

  2. Download the Identity Intelligence (Oort) Production Teams App (zip file below). If you have any issues downloading the file, contact your Cisco Support representative

  3. Install the Identity Intelligence (Oort) Teams communication bot in your Teams tenant as an administrator

  4. Configure Teams notifications for the desired checks and events in the Identity Intelligence console

Installing the Identity Intelligence app in your Teams environment

  1. From within the Teams admin center console, select Teams apps -> Manage apps

  2. Click + Upload and then Upload again

  3. Select the ZIP file, provided above, and upload it

  4. After successful upload, click the link to manage the app

  5. From here you will see the details of the app

Adding the Identity Intelligence app to a Teams channel or team

To add the app to a Team or Channel, perform the following steps.

Note - You must be signed into Teams with an account that has the Owner role for the Team and Channel where you want to install the Identity Intelligence (Oort) Bot for use in your organization.

  1. Select the desired Team and click the three dot menu. Select Manage team

  2. Select the Apps tab and then the More apps button on the right. Click the Identity Intelligence (Oort) Bot. If there are many apps under Built for your org, then click See all on the right side

  3. Click Add to a team

  4. Select the desired Team and channel and click Install bot

    1. If you receive a Something went wrong message, this means that the account you're signed into Teams with is not an owner of that Team or channel and doesn't have permissions to install applications. Sign out and sign in with an account that is an owner of the desired Team

  5. From the Manage channel -> Apps tab, you should now see the Identity Intelligence (Oort) Bot in your app list

You must now proceed to the next section to add Teams as a notification target within Identity Intelligence.

Adding a Teams notification target in Identity Intelligence

  1. Within your Identity Intelligence tenant console, navigate to Integrations and Add Integration. You should now see a Microsoft Teams tile under the Notification Targets category.

  2. Click + Add MS Teams Target

  3. Provide a Name and Description for the notification target. NOTE: more than one target can be configured to the same Teams tenant

  4. Select either Failed checks or Data collection, or both, for the types of notifications to send to this target

    1. Failed checks notifications provide Teams notifications on a daily basis of net-new users failing specific health checks. Please see below

    2. Data collection provides a daily update notification upon successful user data collection from one or more integrations

  5. Select the desired Microsoft Teams environment

  6. Enter the desired channel name OR specific person via UPN (e.g. firstname.lastname@company.com) where the notifications should be sent

  7. Click Save

  8. You will now see a Teams entry for both Instant Messaging (direct messages to users or their managers) and Notification targets

  9. You can test connectivity using the three dot menu on the right side of the integration object

  10. A successful test message will be sent to the target indicating this is a "verification" message

Using the Test button for a notification target on a specific check page will send a test message to the signed in user, NOT the configured channel, to verify any custom messages look as intended

Configuring Teams Notifications for Identity Intelligence Checks

Now that the Teams integration is in place, configure one or more check types to send notifications to the configured channel.

For example, for the Inactive Users check, you can send Failure Reports to the Teams notification targets once a day. This occurs when data is collected and processed by Identity Intelligence.

You can also send direct messages to users or their manager upon failure of a particular check. This is useful when the user or the manager can take direct action to remediate the issue.

For example, a manager of an inactive user can submit a ticket or begin the process to deactivate an inactive user account if that user no longer needs access.

Deleting the Identity Intelligence app for Teams

Should it be necessary to delete the Identity Intelligence app from your Teams environment, simply find it in the Manage apps screen and click it to see details.

From this screen, the three dot menu will provide an option for Actions -> Delete.
