Microsoft Teams
Introduction

This guide explains how to authenticate the Microsoft Teams connector in Swimlane using one of the following authentication methods:

- OAuth 2.0 Client Credentials (application permissions)
- OAuth 2.0 Password Grant (delegated permissions)
- OAuth 2.0 Refresh Token Grant (delegated permissions with MFA)

You will create an Azure app, assign permissions, collect the required identifiers, and configure the connector inside Swimlane.

Prerequisites

Azure access requirements:

- Register applications in Azure Active Directory
- Assign API permissions (application + delegated)
- Grant admin consent
- View tenant and directory information
- Create client secrets

Required credentials:

- Client ID
- Client secret
- Tenant ID
- Token URL
- Scope (for delegated auth)
- Username and password (for refresh token flow)
- Refresh token

Authentication Methods Overview

OAuth 2.0 Client Credentials

Used for non-MFA accounts and for most server-to-server automations. You will need:

- Client ID
- Client secret
- Tenant ID
- Token URL (must include tenant ID)
- Scope(s)

OAuth 2.0 Password Grant (Delegated)

Used when the connector must act on behalf of a user. You will need:

- Username
- Password
- Client ID
- Client secret (optional)
- Token URL
- Scope(s)

OAuth 2.0 Refresh Token Grant (Delegated + MFA)

Use when the Teams or Microsoft 365 account has MFA enabled. You will need:

- Client ID
- Client secret
- Refresh token
- Tenant ID
- Redirect URI (added during Azure app registration)

Azure Setup

Register the application

1. Go to Azure Portal > Azure Active Directory > App registrations.
2. Click New registration.
3. Enter an application name.
4. Select Accounts in this organizational directory only.
5. Click Register.

Assign API permissions

1. Open API permissions.
2. Click Add a permission.
3. Select Microsoft Graph.
4. Add the required permissions based on your Microsoft Teams actions:
   - ChannelMember.ReadWrite.All
   - TeamMember.ReadWrite.All
   - Channel.Create
   - Channel.Create.Group
   - Directory.ReadWrite.All
   - Group.ReadWrite.All
   - Team.Create
   - Teamwork.Migrate.All
5. Click Add permissions.
6. Click Grant admin consent for your organization.

Create a client secret

1. Navigate to Certificates & secrets.
2. Click New client secret.
3. Add a description and expiration.
4. Click Add.
5. Copy and save the secret value.

Collect required identifiers

- Client ID
- Tenant ID

Password grant requirements

- OAuth2 Username → Azure username
- OAuth2 Password → Azure password
- If MFA is enabled, use the refresh token flow instead.

Refresh token flow setup

1. Add a redirect URI (platform: Web) during registration.
2. Assign delegated permissions.
3. Use the Swimlane-provided Python script to generate a refresh token.

Connector Configuration in Swimlane

1. Log into Turbine.
2. Click Orchestration.
3. Click Assets.
4. Click the + icon to create a new asset.
5. Select Microsoft Teams from the asset type list.
6. Fill in the asset settings and asset input as shown below for your authentication method.

Configuration: Client Credentials

| Field | Description | Required |
|---|---|---|
| URL | API endpoint | Required |
| Token URL | Token URL | Required |
| Client ID | Client ID | Required |
| Client Secret | Client secret | Required |
| Scope | Permission scopes | Required |
| Verify SSL | SSL verification | Optional |
| HTTP Proxy | Proxy details | Optional |

Fields with marks are required.

Token URL format:

https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

Configuration: Password Grant (Delegated Authentication)

| Field | Description | Required/Optional |
|---|---|---|
| URL | API endpoint | Required |
| Token URL | Token URL | Required |
| OAuth2 Username | Username | Required |
| OAuth2 Password | Password | Required |
| Client ID | Client ID | Required |
| Client Secret | Client secret | Optional |
| Scope | Delegated scopes | Required |
| Verify SSL | SSL verification | Optional |
| HTTP Proxy | Proxy details | Optional |

Fields with marks are required.

Configuration: Refresh Token Grant (Delegated + MFA)

| Field | Description | Required/Optional |
|---|---|---|
| URL | API endpoint | Required |
| Tenant ID | Tenant ID | Required |
| cl id | Client ID | Required |
| cl secret | Client secret | Required |
| Refresh Token | Refresh token | Required |
| Verify SSL | SSL verification | Optional |
| HTTP Proxy | Proxy details | Optional |

Fields with marks are required.

7. Click Create.

Troubleshooting

Error 403 Forbidden

Occurs when:

- Missing Graph or Teams permissions
- Missing admin consent
- Incorrect tenant or token URL
- Using application permissions where delegated is required

Fix:

- Re-grant admin consent
- Verify permissions
- Ensure the token URL includes the correct tenant ID

You have successfully authenticated the Microsoft Teams connector using one of the supported OAuth flows.
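
To narrow down which of the 403 causes listed under Troubleshooting applies, the claims inside the access token can be inspected: `tid` carries the tenant, `roles` the application permissions, and `scp` the delegated scopes. The following is an added example, not part of the Swimlane connector or its script; the function names and the sample token are constructed for illustration, and it assumes the access token is a decodable JWT.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Decode the JWT payload without verifying the signature (debugging only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def diagnose_403(access_token, expected_tenant_id, required_permissions, need_delegated):
    """Return findings that map onto the 403 causes in the troubleshooting list."""
    claims = token_claims(access_token)
    findings = []
    # Incorrect tenant or token URL: the token was issued by another tenant.
    tid = str(claims.get("tid", ""))
    if tid.lower() != expected_tenant_id.lower():
        findings.append("tenant mismatch: token tid=%s" % tid)
    app_perms = set(claims.get("roles", []))        # application permissions
    delegated = set(claims.get("scp", "").split())  # delegated scopes
    # Application permissions used where delegated is required.
    if need_delegated and not delegated:
        findings.append("application-only token used where delegated is required")
    # Missing permissions or missing admin consent both show up as absent claims.
    granted = delegated if need_delegated else app_perms
    missing = sorted(set(required_permissions) - granted)
    if missing:
        findings.append("missing permissions or admin consent: " + ", ".join(missing))
    return findings


def make_sample_token(payload: dict) -> str:
    """Build a constructed, unsigned token so the check can be run offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), "sig"])
```

An empty list means the token itself carries the expected tenant and permissions, so the 403 has to be traced elsewhere.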