HaloITSM Guides
Documentation to assist with the setup and configuration of the HaloITSM platform
Embedding The Self-Service Portal within MS Teams with SSO
This guide will explain how to embed your self service portal within teams and allow for automatic sign in with SSO.
Prerequisites
- You need to have already setup SSO, within Halo, with Azure.
1. Azure Entra Configuration
To begin, we will configure all that is required within Azure Entra.
1. Create a new app registration for the MS Teams app
2. Configure the SSO app registration
Within the seperate app registration you have configured to use SSO for within Halo, you now need to expose it as an API.
Go to the 'Expose an API' tab and select the add button next to the text 'Application ID URI'. Then pass the URI in the below format:
api://{Halo Portal URL}/{Client ID of the app you're currently editing}
Next, you need to define a scope. We recommend using the below config:
Next, under the heading 'Authorized client applications', you now need to add the application (client) ID of the app registration we created earlier for the Teams Portal and provide the scope we just created.
Note
Later on, when testing, if you get a redirect error regarding the Microsoft Teams client ID not being in the redirect. You will need to add the ID, it mentions in the error, here.
Finally, you will need to add the below value to the manifest file of the app registration:
"requestedAccessTokenVersion": 2
The key should already exist, so you will just need to set it to '2'.
Checkpoint
At this point, you should now have two seperate Azure app registrations. One basic one, that we will just pass to the MS Teams app and the one that is used for SSO.
2. Microsoft Teams App Configuration
We will now configure the app within the Microsoft Teams developer portal.
Create a new application and configure it using the recommended config below:
In the 'Application (client) ID' field, this is where you want to provide the client ID of the seperate MS Teams app registration we created earlier.
Go to the 'App Features' section and create a new 'Personal App'. Then create a tab with your Halo portal URL.
Finally, go to the 'Single Sign On' tab and provide the URI that we created earlier when we exposed the API. You do not need to provide the scope.
2. Test the App
That is the setup complete, so now either publish the app or test it within MS Teams and if it is successful, the portal will automatically be signed in upon opening the app.
Popular Guides
- Asset Import - CSV/XLS/Spreadsheet Method
- Call Management in Halo
- Creating a New Application for API Connections
- Creating Agents and Editing Agent Details
- Departments and Teams
- Halo Integrator
- Importing Data
- Multiple New Portals with different branding for one customer [Hosted]
- NHServer Deprecation User Guide
- Organisation Basics
- Organising Teams of Agents
- Step-by-Step Configuration Walk Through
- Suppliers
