The CyberRiskAware Teams application supports integration as an MS Teams Custom Tab. This effectively allows usage of the CyberRiskAware Training platform within each users MS Teams client. The steps below illustrate how this installation can take place.
Prerequisite:
Before starting your Teams integration, it is mandatory that your Cyber Risk Aware application is configured for Azure AD with SSO (Single Sign On).
Azure AD SSO configuration can be found here. If this step is not completed, the Teams integration will not work.
Integration between MS Teams and the CyberRiskAware application can be done in 2 steps.
- Add / Update Application registration in Azure AD on your Azure Tenant.
- Install the Cyber Risk Aware application globally across your MS Teams account.
It is advisable to run some tests on the Teams app integration before deploying it org-wide.
1. Register an Application in Azure AD
The first step is to register the CyberRiskAware Teams application within your Azure Active Directory. The steps involved in registering the application are listed below:
- Sign in to your Azure portal: https://portal.azure.com
- Choose your Azure AD tenant
- From the homepage, click on Azure Active Directory.
App Registration
- Click on App Registrations and then click on New registration.
- Set the following values in the form:
- Name: CyberRiskAware Teams
- Supported Account Types: Default option
- Redirect URI: https://{your domain name}.cyberriskaware.com
(example https://mycompany.cyberriskaware.com) – This will be your Cyber Risk Aware portal URL
- Click the Register button
- Once you've completed registration, Azure AD will assign your application a unique client identifier, the Application ID. You need this value in the next sections, so copy it from the application page. The Application ID can be found on the Overview screen of your App registration. Take note of this value.
Generate an Application Secret
The next step is to generate an application secret. Your Cyber Risk Aware instance will use this value to prove its identity when connecting to Azure.
- Select the Certificates & Secrets tab, and then the New client secret button.
- Provide a description (e.g. CRA Secret or CRA Teams Secret etc) and select an expiration date.
- Once you've created the Client Secret, please take note of the secret value (and NOT the secret ID), as this field will be needed when configuring the Authentication Settings on the Cyber Risk Aware portal.
Configure the Reply URLs against the Application Registration in Azure AD
The next step is to assign the allowed reply URLs to your app registration. This telling the app registration in your Azure AD what URLs are allowed to be redirected to upon successful authentication with the AD.
- Whilst still logged into your Azure Portal (https://portal.azure.com), select the app registration you created above.
- In the overview section, you will be see your Application (Client) ID.
Please take note of this as you will need it later.
Authentication
- In the Authentication Section of the app registration enter and save the following URLs for the Redirect URLs
https://{your domain name}.cyberriskaware.com/auth/osignedin (example would be https://mycompany.cyberriskaware.com/auth/osignedin)
https://{your domain name}.cyberriskaware.com (example would be https://mycompany.cyberriskaware.com)
- Note - the save button is highlighted at the top of the above screen to show its' position.
Please don't click it until you've scrolled down and completed the following step. - Also with in the Authentication section (when you scroll down), in the Implicit grant and hybrid flows section mark the check box for Access tokens and ID Tokens. This ensures the ID Token is passed to the Cyber Risk Aware portal.
Now, click the Save button at the top of the page (see previous image).
API Permissions
Select Add Permission
Select Microsoft Graph
Select Application permissions
Scroll down the list and select the User -> User.Read.All permission
Select Add Permissions at bottom of screen
Select Add Permission
Select Microsoft Graph
Select Delegated permissions
Scroll down the list and select the User -> User.Read and User.Read.All permissions
Select Add Permissions at bottom of screen
Select the Grant admin consent for <Your AD Directory>
2. Configure your CyberRiskAware Portal
In your CyberRiskAware portal navigate to Configuration -> Training Settings - Teams Settings
Note: If you see the following message then contact support to have Teams enabled on your portal
Fill in the required details about your Azure AD application you created above.
Azure Tenant Id: Your Azure Tenant ID
Client Id: The client ID of the application created above
Client Secret: The client secret of the application created above
Authority: https://login.microsoftonline.com/YOUR_AZURE_TENANT_ID/v2.0
Domain Hint: Your_Azure_Domain e.g. mycompany.com (Do not include https:// with this string)
Click Save.
3. Testing the Teams App integration
Reference: https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/apps-upload
Download the following manifest file locally: https://cdn1.cyberriskaware.com/crapublic/teams_addin/CyberRiskAware_TeamsApp.zip
Upload the app locally for testing
You can sideload the teams app for personal use in order to test the integration
- Log in to the Teams client with your Microsoft 365 development account.
- Select Apps and choose Upload a customised app.
- Select Upload for me or my teams.
- Select the app package .zip file. An install dialog displays.
- Add the app to Teams.
4. Install the CyberRiskAware Teams app globally across your MS Teams.
Download the following manifest file locally: https://cdn1.cyberriskaware.com/crapublic/teams_addin/CyberRiskAware_TeamsApp.zip
In the Teams administration center:
- Select Teams Apps -> Setup Policies
- Select Global (Org-wide default) policy
- Select Add apps
- Type "cyber" in the search box and select Add to add the CyberRiskAware Training Addon
In the Pinned Apps section:
- Select Add Apps
- Type "cyber" in the search box and select Add to add the CyberRiskAware Training Addon
5. Using the CyberRiskAware Teams Application
Refer to article: https://support.cyberriskaware.com/a/solutions/articles/31000160306