Microsoft Teams Integration Guide
NeuraFlow integrates with Microsoft Teams using a multi-tenant Azure App Registration. Brain Station 23 configures the app once; customers grant access to their own tenants.
Overview
App Registration Permissions
Permissions Reference
Application Permissions (No user sign-in required)
| Permission | Purpose | Admin Consent |
|---|---|---|
Chat.Create | Create chats with users | Yes |
User.Read.All | Read all users' full profiles | Yes |
TeamsAppInstallation.ReadWriteForUser.All | Manage Teams apps for all users | Yes |
AppCatalog.ReadWrite.All | Read and write to all app catalogs | Yes |
Delegated Permissions (User sign-in required)
| Permission | Purpose | Admin Consent |
|---|---|---|
AppCatalog.ReadWrite.All | Read and write to all app catalogs | Yes |
User.Read | Sign in and read user profile | No |
openid | Sign users in | No |
offline_access | Maintain access (refresh tokens) | No |
email | View users' email address | No |
profile | View users' basic profile | No |
Customer Use Cases
Customers can enable three capabilities, each requiring specific permissions:
Use Case 1: Authorize Bot Capabilities
Enables NeuraFlow to send/receive messages with Teams users.
Required Permissions (Application):
Chat.Create- Create chat threadsUser.Read.All- Find users by email
How it works:
- Admin clicks "Connect Microsoft Teams" in NeuraFlow
- Admin signs into Microsoft and grants consent
- NeuraFlow backend can now create chats and send messages
Use Case 2: Automate Catalog Push
Enables NeuraFlow to automatically publish the bot to the customer's Teams app catalog.
Required Permissions (Delegated):
AppCatalog.ReadWrite.All- Upload apps to catalogUser.Read,openid,offline_access- OAuth flow
How it works:
- Admin clicks "Upload to Catalog" in NeuraFlow
- Admin signs in via OAuth
- NeuraFlow uploads bot manifest on admin's behalf
- Bot appears in Teams app catalog
Alternative: Manual Upload
- Download manifest.zip from NeuraFlow
- Upload via Teams Admin Center (
admin.teams.microsoft.com)
Use Case 3: Automate Bot Install for Users
Enables NeuraFlow to automatically install the bot for specific users.
Required Permissions (Application):
TeamsAppInstallation.ReadWriteForUser.All- Install apps for usersAppCatalog.ReadWrite.All- Access app catalog
How it works:
- Admin grants consent (one-time)
- NeuraFlow calls Graph API to install bot for specified users
- Bot appears in users' Teams automatically
Developer Setup (Brain Station 23)
Step 1: Create Azure App Registration
| Field | Value |
|---|---|
| Name | NeuraFlow Teams Connector |
| Supported account types | Accounts in any organizational directory (Multi-tenant) |
| Redirect URI (Web) | https://neuraflow.brainstation23.com/api/v1/teams/oauth/callback |
Step 2: Configure API Permissions
Navigate to API permissions → Add a permission → Microsoft Graph
Application Permissions:
Chat.CreateUser.Read.AllTeamsAppInstallation.ReadWriteForUser.AllAppCatalog.ReadWrite.All
Delegated Permissions:
AppCatalog.ReadWrite.AllUser.Readopenidoffline_accessemailprofile
Step 3: Create Client Secret
Navigate to Certificates & secrets → + New client secret
| Field | Value |
|---|---|
| Description | NeuraFlow Production |
| Expires | 24 months |
Step 4: Configure Environment
AZURE_CLIENT_ID=<from-app-registration>
AZURE_CLIENT_SECRET=<generated-secret>
AZURE_TENANT_ID=<brainstation23-tenant-id>
TEAMS_BOT_APP_ID=<bot-app-id>
Customer Onboarding
Prerequisites
| Requirement | Details |
|---|---|
| Microsoft 365 License | Business Basic or higher |
| Microsoft Entra ID Role | Global Administrator or Teams Administrator |
| NeuraFlow Account | Organization created in NeuraFlow |
Onboarding Flow
| Step | Type | Required |
|---|---|---|
| Admin Consent | Application permissions | Yes |
| Catalog Upload | Delegated permissions | Optional (can upload manually) |
Integration Flow
Troubleshooting
"Need admin approval"
Only Global Administrators can grant admin consent for application permissions. Teams Administrators can only grant delegated permissions.
"AADSTS65001: User hasn't consented"
| Cause | Solution |
|---|---|
| Admin consent not granted | Complete admin consent flow |
| Wrong tenant | Sign in with correct organization account |
| Permissions changed | Re-grant admin consent |
"App not visible in Teams"
| Cause | Solution |
|---|---|
| Catalog upload not completed | Upload bot to catalog |
| App pending approval | Check Teams admin center |
| Caching | Wait up to 24 hours or clear Teams cache |
Quick Reference
Admin Consent URL
https://login.microsoftonline.com/{tenant}/adminconsent
?client_id={neuraflow_app_id}
&redirect_uri=https://neuraflow.brainstation23.com/api/v1/teams/oauth/callback
Required Roles
| Action | Required Ro |
|---|---|
| Admin Consent | Global Administrator |
| Catalog Upload | Teams Administrator or Global Administrator |
Verify Consent
Azure Portal → Microsoft Entra ID → Enterprise applications → Search "NeuraFlow Teams Connector" → Permissions tab