The CyberRiskAware Teams application supports integration as an MS Teams Custom Tab. This effectively allows usage of the CyberRiskAware Training platform within each users MS Teams client. The steps below illustrate how this installation can take place.


Prerequisite:


Before beginning, it is mandatory that your Cyber Risk Aware application is configured for SSO with Azure AD. 

Azure AD SSO configuration can be found here.


Integration between MS Teams and the CyberRiskAware application can be done in 2 steps.


  1. Add / Update Application registration in Azure AD on your Azure Tenant.

  2. Install the Cyber Risk Aware application globally across your MS Teams account.



It is advisable to run some tests on the Teams app integration before deploying it org-wide.




1. Register an Application in Azure AD



The first step is to register the CyberRiskAware Teams application within your Azure Active Directory. The steps involved in registering the application are listed below:


  • Sign in to your Azure portal: https://portal.azure.com
  • Choose your Azure AD tenant
  • From the homepage, click on Azure Active Directory.



App Registration

  • Click on App Registrations and then click on New registration.




  • Set the following values in the form:
    • Name: CyberRiskAware Teams
    • Supported Account Types:  Default option
    • Redirect URI: https://{your domain name}.cyberriskaware.com 

                        (example https://mycompany.cyberriskaware.com) – This will be your Cyber Risk Aware portal URL





  • Click the Register button
  • Once you've completed registration, Azure AD will assign your application a unique client identifier, the Application ID. You need this value in the next sections, so copy it from the application page. The Application ID can be found on the Overview screen of your App registration. Take note of this value. 



Generate an Application Secret


The next step is to generate an application secret. Your Cyber Risk Aware instance will use this value to prove its identity when connecting to Azure.


  • Select the Certificates & Secrets tab, and then the New client secret button.




  • Provide a description (e.g. CRA Secret or CRA Teams Secret etc) and select an expiration date.



  • Once you've created the Client Secret, please take note of the secret value (and NOT the secret ID)as this field will be needed when configuring the Authentication Settings on the Cyber Risk Aware portal.



Configure the Reply URLs against the Application Registration in Azure AD



The next step is to assign the allowed reply URLs to your app registration. This telling the app registration in your Azure AD what URLs are allowed to be redirected to upon successful authentication with the AD.




  • In the overview section, you will be see your Application (Client) ID. 
    Please take note of this as you will need it later.


Authentication

  • In the Authentication Section of the app registration enter and save the following URLs for the Redirect URLs


        https://{your domain name}.cyberriskaware.com/auth/osignedin (example would be https://mycompany.cyberriskaware.com/auth/osignedin)

        https://{your domain name}.cyberriskaware.com (example would be https://mycompany.cyberriskaware.com)





  • Note - the save button is highlighted at the top of the above screen to show its' position.
    Please don't click it until you've scrolled down and completed the following step.

  • Also with in the Authentication section (when you scroll down), in the Implicit grant and hybrid flows section mark the check box for Access tokens and ID Tokens. This ensures the ID Token is passed to the Cyber Risk Aware portal.



Now, click the Save button at the top of the page (see previous image).





API Permissions

Select Add Permission

Select Microsoft Graph

Select Application permissions

Scroll down the list and select the User -> User.Read.All permission

Select Add Permissions at bottom of screen


Select Add Permission

Select Microsoft Graph

Select Delegated permissions

Scroll down the list and select the User -> User.Read and User.Read.All permissions

Select Add Permissions at bottom of screen


Select the Grant admin consent for <Your AD Directory>




2. Configure your CyberRiskAware Portal


In your CyberRiskAware portal navigate to Configuration -> Training Settings - Teams Settings


Note: If you see the following message then contact support to have Teams enabled on your portal


Fill in the required details about your Azure AD application you created above.


Azure Tenant Id:  Your Azure Tenant ID


Client Id: The client ID of the application created above


Client Secret: The client secret of the application created above


Authority: https://login.microsoftonline.com/YOUR_AZURE_TENANT_ID/v2.0


Domain Hint: Your_Azure_Domain e.g. mycompany.com (Do not include https:// with this string)



Click Save.


3. Testing the Teams App integration

Reference: https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/apps-upload


Download the following manifest file locally: https://cdn1.cyberriskaware.com/crapublic/teams_addin/CyberRiskAware_TeamsApp.zip

Upload the app locally for testing

You can sideload the teams app for personal use in order to test the integration

  1. Log in to the Teams client with your Microsoft 365 development account.
  2. Select Apps and choose Upload a customised app.
  3. Select Upload for me or my teams.
  4. Select the app package .zip file. An install dialog displays. Screenshot showing an example of a Teams app install dialog.
  5. Add the app to Teams.



4. Install the CyberRiskAware Teams app globally across your MS Teams.


Download the following manifest file locally: https://cdn1.cyberriskaware.com/crapublic/teams_addin/CyberRiskAware_TeamsApp.zip


In the Teams administration center:

  • Select Teams Apps -> Setup Policies
  • Select Global (Org-wide default) policy


  • Select Add apps
  • Type "cyber" in the search box and select Add to add the CyberRiskAware Training Addon

In the Pinned Apps section:

  • Select Add Apps
  • Type "cyber" in the search box and select Add to add the CyberRiskAware Training Addon




5. Using the CyberRiskAware Teams Application


Refer to article: https://support.cyberriskaware.com/a/solutions/articles/31000160306