Back

Teams Messaging Integration

Last Updated:

 

March 18, 2026

Contents

Heading 2
Heading 3
Heading 4
Heading 5
Heading 6

Teams can be configured to send messages directly from Oleria. Follow the pre-requisites and the steps below to set up the Teams messaging integration. 

The setup involves three parts:

  1. Entra ID App Registration — for Oleria to discover your teams, channels, and users
  2. Oleria Bot App Deployment — for delivering notifications to channels and direct messages
  3. Oleria Console Configuration — connecting everything together

Prerequisites

Role Required What They Do
Azure/Entra ID Admin (Global Admin or Application Admin) Creates or configures the App Registration and grants admin consent for API permissions
Microsoft Teams Admin Deploys the Oleria bot app and configures app availability policies
Oleria Workspace Admin Completes the configuration in the Oleria management console

Part 1: Entra ID App Registration

Choose the path that matches your situation:

  • Option A — Create a new dedicated App Registration for Oleria (Recommended)
  • Option B — Use an existing App Registration

Option A: Create a New App Registration (Recommended)

Who: Azure/Entra ID Admin

Why this is recommended: A dedicated App Registration follows the principle of least privilege. It only has the 5 read-only permissions Oleria needs, making it easy to audit, rotate secrets independently, and revoke access cleanly if needed.

Step 1: Register the application

  1. Sign in to the Azure Portal
  2. Navigate to Microsoft Entra IDApp registrationsNew registration
  3. Configure the following:
Field Value
Name Oleria Messaging Integration (or your preferred name)
Supported account types Accounts in this organizational directory only (Single tenant)
Redirect URI Leave blank — not required

  1. Click Register

Step 2: Generate a client secret

  1. In the new App Registration, navigate to Certificates & secrets
  2. Click Client secretsNew client secret
  3. Configure:
Field Value
Description Oleria integration
Expires 12 months or 24 months (set a calendar reminder to rotate before expiry)

  1. Click Add
  2. Copy the secret Value immediately — it will not be displayed again after you leave this page

Important: The secret value is only visible at the time of creation. If you lose it, you will need to generate a new one.

Step 3: Add API permissions

  1. Navigate to API permissionsAdd a permission
  2. Select Microsoft GraphApplication permissions
  3. Search for and add each of the following permissions:
Permission Description Why Oleria needs it
Channel.ReadBasic.All Read the names and descriptions of all channels List available channels during setup and for notification routing
Team.ReadBasic.All Get a list of all teams List your teams during setup configuration
User.Read.All Read all users' full profiles Resolve user email addresses to IDs for direct message delivery
TeamsAppInstallation.ReadForTeam.All Check if apps are installed in teams Verify bot is installed before sending channel messages
TeamsAppInstallation.ReadForUser.All Check if apps are installed for users Check bot installation status before sending direct messages

  1. After adding all 5 permissions, click Grant admin consent for [Your Organization]
  2. Confirm by clicking Yes
  3. Verify all 5 permissions show a green checkmark under the Status column

Step 4: Record your credentials

Collect the following values — you will need them in Part 3:

Credential Where to find it
Application (client) ID App Registration → Overview page
Client secret value From Step 2 above (copy at time of creation)
Directory (tenant) ID App Registration → Overview page

Proceed to Part 2.

Option B: Use an Existing App Registration

Who: Azure/Entra ID Admin

When to use this: If your organization already has an Entra App Registration (for example, for another Oleria integration or a shared integration app) and you prefer to reuse it rather than create a new one.

Important: Ensure the existing App Registration is not shared with services that have conflicting lifecycle requirements (e.g., different secret rotation schedules or different decommissioning timelines).

Step 1: Verify the App Registration type

  1. Sign in to the Azure Portal
  2. Navigate to Microsoft Entra IDApp registrations
  3. Find and select your existing App Registration
  4. On the Overview page, confirm:
Field Required Value
Supported account types Must include Accounts in this organizational directory (Single tenant or Multi-tenant both work)

Step 2: Verify or add API permissions

  1. Navigate to API permissions
  2. Check if the following Application permissions are already granted:
Permission Status needed
Channel.ReadBasic.All Granted
Team.ReadBasic.All Granted
User.Read.All Granted
TeamsAppInstallation.ReadForTeam.All Granted
TeamsAppInstallation.ReadForUser.All Granted

  1. If any permission is missing:
  • Click Add a permissionMicrosoft GraphApplication permissions
  • Search for and add the missing permission(s)
  • Click Grant admin consent for [Your Organization]
  • Verify all required permissions show a green checkmark

Step 3: Verify or create a client secret

  1. Navigate to Certificates & secretsClient secrets
  2. You may either:
  • Use an existing secret — if you have the value and it has sufficient remaining validity (at least 3 months recommended)
  • Create a new secret — click New client secret, set description to Oleria integration, choose an expiry, click Add, and copy the value immediately

Note: If the existing App Registration already has other permissions beyond the 5 listed above, those extra permissions are not used by Oleria's Teams messaging integration. They will not interfere, but you may want to review them for your own security posture.

Step 4: Record your credentials

Collect the following values — you will need them in Part 3:

Credential Where to find it
Application (client) ID App Registration → Overview page
Client secret value From Step 3 above
Directory (tenant) ID App Registration → Overview page

Proceed to Part 2.

Part 2: Deploy the Oleria Bot App

Who: Microsoft Teams Admin

The Oleria bot app is a pre-built Teams application provided by Oleria. It is separate from the Entra App Registration configured in Part 1. The bot handles the delivery of notification messages to your Teams channels and direct messages.

Step 1: Obtain the Oleria Teams app package

  1. Your Oleria account team will provide the bot app package as a .zip file
  2. If you have not received this, contact your Oleria representative

Step 2: Upload the app to Teams Admin Center

  1. Sign in to the Teams Admin Center
  2. Navigate to Teams appsManage apps
  3. Click Upload new appUpload
  4. Select the Oleria .zip package and confirm the upload
  5. The app will appear in the app list once uploaded

Step 3: Allow the app

  1. In Manage apps, search for the Oleria app
  2. Click on the app name to open its details
  3. Ensure the Status is set to Allowed

Step 4: Configure app availability

Choose one of the following deployment strategies based on your organization's needs:

Strategy When to use How to configure
Organization-wide All users should receive Oleria notifications Go to Setup policies → edit Global (Org-wide default) → under Installed apps, click Add apps → search for Oleria →
Add → Save
Targeted rollout Only specific teams/groups should receive notifications Go to Setup policiesAdd a new policy → add the Oleria app under Installed appsSave → assign the
policy to the relevant users or groups

Important for Direct Messages: The bot can send direct messages to any user who has access to the app via the setup policy. Users do not need to manually install the app — the bot creates conversations automatically.

Step 5: Verify deployment

  1. Open Microsoft Teams as a user covered by the setup policy
  2. Go to Apps in the left sidebar
  3. Search for "Oleria" — the app should appear and show as available

Part 3: Configure in Oleria Console

Who: Oleria Workspace Admin

Step 1: Enter Teams credentials

  1. Log in to the Oleria management console
  2. Navigate to SettingsMessagingAdd Messaging System
  3. Select Microsoft Teams
  4. Enter the credentials collected in Part 1:
Field Value
Client ID Application (client) ID from your Entra App Registration
Client Secret Client secret value from your Entra App Registration
Tenant ID Directory (tenant) ID from your Entra App Registration

  1. Click Authenticate
  2. Oleria will validate the credentials against your Azure AD tenant

Step 2: Select your team and default channel

  1. After successful authentication, a list of your teams will appear
  2. Select the team where Oleria should deliver notifications
  3. Select the default channel for notifications (e.g., General or a dedicated channel like #oleria-alerts)
  4. Click Save

Step 3: Test the integration

  1. Use the Send Test Message option in the Oleria console
  2. Verify the test message appears in the selected Teams channel
  3. Optionally, test a direct message by entering a user email address

Contact us

For questions about this integration, please contact us at support@oleria.com.

How can a comprehensive identity
security solution empower your team?

Let's talk