-
Notifications
You must be signed in to change notification settings - Fork 205
ZZZ ‐ [Archived] ‐ Update bot project using bot id and bot password to using certificate or MSI
Important
Content in this document has been moved to Teams platform documentation. Please do not refer to or update this document.
You can follow this guide to update your existing bot project to use certificate or MSI for bot authentication to resolve the compliance issue of using Entra id with secret.
You should have a Teams bot app that has been deployed to Azure with the following resources:
- Azure bot service
- An Entra id with a secret that is used for bot authentication
- A resource that hosts your bot app (app service, Azure functions, etc)
- Prepare a certificate and a private key.
- Upload certificate to your Entra id.
- Update your code and deploy to your hosting resource.
For typescript/javascript project:
const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
MicrosoftAppId: config.botId,
CertificatePrivateKey: '{your private key}',
CertificateThumbprint: '{your cert thumbprint}',
MicrosoftAppType: "MultiTenant",
});
const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication(
{},
credentialsFactory
);
const adapter = new CloudAdapter(botFrameworkAuthentication);
For csharp project:
builder.Services.AddSingleton<ServiceClientCredentialsFactory>((e) => new CertificateServiceClientCredentialsFactory("{your certificate}", "{your entra id}"));
-
Test your bot app.
-
Clean up secrets in your Entra id.
If your bot works, you can delete the secrets in your Entra id.
-
Create a new Azure bot service with MSI type
Since Azure bot service’s id and type cannot be modified after creation, you need to create a new Azure bot service. Select type “User-Assigned Managed Identity” and creation type “Create new Microsoft App ID”, and it will create both the Azure bot service and the managed identity for you.
You can also manually create a managed identity first then create the Azure bot service with creation type “Use existing app registration”.
You need to update the new Azure bot service’s messaging endpoint and Channels to be the same as the old one.
-
Add the managed identity to the resource that hosts your bot app.
Go to your app’s hosting resource, select Settings->Identity->User assigned. Add the managed identity created in step 1.
-
Update your code and deploy to your hosting resource.
For typescript/javascript project:
const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
MicrosoftAppType: 'UserAssignedMsi',
MicrosoftAppId: '{your msi’s client id}',
MicrosoftAppTenantId: '{your msi’s tenant id}',
});
const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication(
{},
credentialsFactory
);
const adapter = new CloudAdapter(botFrameworkAuthentication);
For c# project:
builder.Configuration["MicrosoftAppType"] = "UserAssignedMsi";
builder.Configuration["MicrosoftAppId"] = "{your msi’s client id}";
builder.Configuration["MicrosoftAppPassword"] = "{your msi’s tenant id}";
builder.Services.AddSingleton<BotFrameworkAuthentication, ConfigurationBotFrameworkAuthentication>();
-
Update BOT_ID’s value in env file
Go to your env file. Update BOT_ID’s value to be your newly created managed identity’s client id.
-
Generate the appPackage with new BOT_ID
-
Test your bot app
-
Clean up unneeded resources
If your bot works, you can delete the old Azure bot service and the old Entra id.
Build Custom Engine Copilots
- Build a basic AI chatbot for Teams
- Build an AI agent chatbot for Teams
- Expand AI bot's knowledge with your content
Scenario-based Tutorials
- Send notifications to Teams
- Respond to chat commands in Teams
- Respond to card actions in Teams
- Embed a dashboard canvas in Teams
Extend your app across Microsoft 365
- Teams tabs in Microsoft 365 and Outlook
- Teams message extension for Outlook
- Add Outlook Add-in to a Teams app
App settings and Microsoft Entra Apps
- Manage Application settings with Teams Toolkit
- Manage Microsoft Entra Application Registration with Teams Toolkit
- Use an existing Microsoft Entra app
- Use a multi-tenant Microsoft Entra app
Configure multiple capabilities
- How to configure Tab capability within your Teams app
- How to configure Bot capability within your Teams app
- How to configure Message Extension capability within your Teams app
Add Authentication to your app
- How to add single sign on in Teams Toolkit for Visual Studio Code
- How to enable Single Sign-on in Teams Toolkit for Visual Studio
Connect to cloud resources
- How to integrate Azure Functions with your Teams app
- How to integrate Azure API Management
- Integrate with Azure SQL Database
- Integrate with Azure Key Vault
Deploy apps to production