The CyberRiskAware Teams application supports integration as an MS Teams Custom Tab. This effectively allows usage of the CyberRiskAware Training platform within each users MS Teams client. The steps below illustrate how this installation can take place.

Prerequisite:

Before starting your Teams integration, it is mandatory that your Cyber Risk Aware application is configured for Azure AD with SSO (Single Sign On).

Azure AD SSO configuration can be found here. If this step is not completed, the Teams integration will not work.

Integration between MS Teams and the CyberRiskAware application can be done in 2 steps.

Add / Update Application registration in Azure AD on your Azure Tenant.
Install the Cyber Risk Aware application globally across your MS Teams account.

It is advisable to run some tests on the Teams app integration before deploying it org-wide.

1. Register an Application in Azure AD

The first step is to register the CyberRiskAware Teams application within your Azure Active Directory. The steps involved in registering the application are listed below:

Sign in to your Azure portal: https://portal.azure.com
Choose your Azure AD tenant
From the homepage, click on Azure Active Directory.

App Registration

Click on App Registrations and then click on New registration.

Set the following values in the form:
- Name: CyberRiskAware Teams
- Supported Account Types: Default option
- Redirect URI: https://{your domain name}.cyberriskaware.com

(example https://mycompany.cyberriskaware.com) – This will be your Cyber Risk Aware portal URL

Click the Register button
Once you've completed registration, Azure AD will assign your application a unique client identifier, the Application ID. You need this value in the next sections, so copy it from the application page. The Application ID can be found on the Overview screen of your App registration. Take note of this value.

Generate an Application Secret

The next step is to generate an application secret. Your Cyber Risk Aware instance will use this value to prove its identity when connecting to Azure.

Select the Certificates & Secrets tab, and then the New client secret button.

Provide a description (e.g. CRA Secret or CRA Teams Secret etc) and select an expiration date.

Once you've created the Client Secret, please take note of the secret value (and NOT the secret ID), as this field will be needed when configuring the Authentication Settings on the Cyber Risk Aware portal.

Configure the Reply URLs against the Application Registration in Azure AD

The next step is to assign the allowed reply URLs to your app registration. This telling the app registration in your Azure AD what URLs are allowed to be redirected to upon successful authentication with the AD.

Whilst still logged into your Azure Portal (https://portal.azure.com), select the app registration you created above.

In the overview section, you will be see your Application (Client) ID.
Please take note of this as you will need it later.

Authentication

In the Authentication Section of the app registration enter and save the following URLs for the Redirect URLs

https://{your domain name}.cyberriskaware.com/auth/osignedin (example would be https://mycompany.cyberriskaware.com/auth/osignedin)

https://{your domain name}.cyberriskaware.com (example would be https://mycompany.cyberriskaware.com)

Note - the save button is highlighted at the top of the above screen to show its' position.
Please don't click it until you've scrolled down and completed the following step.
Also with in the Authentication section (when you scroll down), in the Implicit grant and hybrid flows section mark the check box for Access tokens and ID Tokens. This ensures the ID Token is passed to the Cyber Risk Aware portal.