MicroStrategy ONE

Register an App on Microsoft Entra ID

Starting in MicroStrategy ONE (June 2024), to use the MicroStrategy Teams App, you must configure the Azure AD Application Registration for Teams. The following steps assume you already have the right to create the Application Registration.

Create a New Application Registration

  1. Open the Microsoft Azure Portal.
  2. Click App registrations.
  3. Click New registration.
  4. Enter a Name and click Register.

Create a Client Secret

  1. In the left navigation menu, click Certificates & secrets.
  2. Click New client secret.
  3. Click the Copy icon next to the value field to copy the client secret for later use.
  4. This value does not appear again once you leave the client secret page.

Modify the Manifest

  1. In the left navigation menu, click Manifest.
  2. Update the accessTokenAcceptedVersion value to 2.

  3. Click Save.

Expose an API

Add the Application ID URI

  1. In the left navigation menu, click Expose an API.
  2. Click Add under Add an Application ID URI.
  3. The format of the URI is api://<host name>/botid-<current application registration id>. The "current application registration ID" is the Application(client) ID in Overview.

  4. Click Save.

Define Scope for the API

  1. Click Add a scope.
  2. In Scope name enter access_as_user.

  3. Select Admins and users in Who can consent?.
  4. Enter values in the other required fields.
  5. Click Add scope.

Add Authorized Client Applications

  1. Click Add a client application and enter both Client IDs. The two Client IDs are fixed. They must be 1fec8e78-bce4-4aaf-ab1b-5451cc387264 and 5e3ce6c0-2b1f-4285-8d4b-75ee78787346.

  2. Click Add application. The final result is:

Check the Configuration

  1. In the left navigation menu, click Overview.
  2. Check that the following fields are correct:
    • Application (client) ID
    • Directory (tenant) ID
    • Application ID URI

  3. Copy the Application (client) ID and Directory (tenant) ID values to for later use in the Teams add-in configuration page.

Add Redirect UI

You need the Redirect UI so that the pin in Teams can correctly redirect you back to MicroStrategy and to use MicroStrategy Bots in Teams.

  1. In the left navigation menu, click Certificates & secrets.
  2. Click Add a platform.

  3. Choose Web or Single-page application.
  4. For the Teams configuration, if you are using MicroStrategy ONE (September 2024) or later, you need to create two Web platforms and three Single-page application platforms. If you are using a version prior to MicroStrategy ONE (September 2024), you need to create one Web platform and two Single-page application platforms.

  5. Enter a Redirect URI.
  6. Replace “tec-l-1203355.labs.microstrategy.com” with your library URL's origin.

    In Single-page application, the Client ID is the Application(client) ID in Overview. blank-auth-end.html is only a placeholder.

  7. Click Configure.
  8. Repeat steps 1-4 until you create one Web platform and two Single-page application platforms.

Add a Group Claim

  1. In the left navigation menu, click Token Configuration.

  2. Click Add groups claim.

  3. Select the check box next to All groups (includes 3 group types: security groups, directory roles, and distribution lists).
  4. Click Add.

API Permissions

  1. Click Add a permission.

  2. Choose Microsoft Graph.

  3. Search and select check box next to the following permissions:
    • AppCatalog.Submit

    • Channel.ReadBasic.All

    • Team.ReadBasic.All

    • TeamsAppInstallation.ReadForTeam

    • TeamsAppInstallation.ReadWriteSelfForTeam

    • TeamsTab.Create

    • User.Read

  4. Click Save.
  5. Click Grant admin consent for MSFT and ensure the Status of all permissions is set to Granted for MSFT.