ServiceNow for Microsoft Teams Integrations (Tab SSO and Request-Based Chat) - ChecklistSummaryThis article covers checkllist to follow while integrating and configuring ServiceNow for Microsoft Teams (IT Service Management integration with Microsoft Teams/HR Service Delivery integration with Microsoft Teams) Explanation given here covers "Employee Center tab" (aka Your hub, Custom tab, Tab SSO) feature, but can be read through to understand other features at a high level, since all (under Employee Experience) features under ServiceNow for Microsoft Teams have very similar configuration or atleast the architecture on the Azure side. Some pointers to community articles: FAQs on Microsoft Teams Integrations - Contains information about Virtual Agent and ServiceNow for Microsoft Teams Article on Integration with Microsoft Teams Microsoft Teams integration API permissions Self Diagnostics tool: *supports only TAB SSO feature. The attached ZIP (tabsso_printDiagnostics.zip) contains a JS file, copy the content of the JS and paste it in the background scripts module of any instance where you are seeing any issues related to ServiceNow for Teams (TAB SSO module only). The tools simply prints configuration and setup data which can be used further to understand the problem in the instance. Pre-requisites : Tokyo + Before you start the installation make sure you have ServiceNow admin role. (VA Admin or admin). The following plugins [and store application plugins] should be installed Plugin name Plugin ID Version IT Service Management integration with Microsoft Teams/HR Service Delivery integration with Microsoft Teams sn_now_teams_it/sn_now_teams_hr2.6.3 + / 3.3.0 + Microsoft Integrations - Core sn_now_teams4.6.1 + Azure Active Directory User Mapping sn_now_azure1.5.1 + Collaboration Services sn_tcm_collab_hook4.6.1 + (hard dependency but used only in case of CHAT and IMPORT) Glide Virtual Agent [ Pro Licensing] / Glide Virtual Agent Lite [ Standard Licensing] com.glide.cs.chatbot or com.glide.cs.chatbot.lite Conversational Integration with Microsoft Teams (Store plugin) sn_va_teams1.0.4 +Microsoft Teams Graph Spoke (Store Plugin)sn_msteams_ahv2 3.4.0 + MS Teams - App Corecom.snc.msteams.app.core InstructionsShould I choose Pre-published App or Self-configured App? Pre-published app: This Azure Enterprise application and is maintained by ServiceNow. This Application uses Proxy to enable communication between Microsoft Azure tenant and ServiceNow instance, the mapping has a limitation that it can hold only unique Azure tenant ID in the table. Hence the limitation of One ServiceNow instance to One Microsoft Azure Tenant. Self-Configured app: This Azure application (App registrations) should be created/maintained by Customer within their Azure Tenants. There are no limitations in this configurations, use cases can be, When customer has multiple ServiceNow instances (Staging, QA, Prod) and has only one Microsoft Azure tenant to work with. In this case customer can create one azure application per instance from https://portal.azure.com. The configuration steps are listed in ServiceNow documentation.When customer has requirement that they will use one Servicenow Instances and connect Multiple Azure tenant (with guest configurations). Based on explanation above, considering the customer requirements in very crucial in coming up with the right configuration. Integrating pre-published app: (uses proxy) Follow the instructions in ServiceNow documentation here. Authentication checklist: In case of Pre-published app, the application oauth entities are already shipped within the plugin (OOB). In case of Tab SSO feature once the user installs tenant from "Install Azure apps" page and consents for Tab SSO app oauth entity will be generated automatically. 1. Verify that required authentication records got created/updated. After integration steps are done. # Table Name Feature Name Column Name Value to be verified Additional Comments 1 oauth_oidc_entity Tab SSO Name Record got created with “Azure AD - sso - <tenant_name>” Client ID 598b466c-33f9-4290-80cb-99902b487cf9 Do not edit this ID 2 oidc_provider_configuration Tab SSO Name Record got created with “Azure AD - <tenant_name>” User Claim preferred_username configurable if customer wants to use upn/email (based on azure configuration) User field sys_user.email configurable based on customer environment 3 oauth_entity Request Based Chat (delegated permission) Name (OOB shipped) Microsoft Teams Chat Client ID 9c36f0ac-f4b2-4eb9-a25e-693b859c114f Do not edit this ID Default Grant type Authorization Code OAuth Entity Scopes .default and offline_access 4 sys_alias Request Based Chat (delegated permission) Name MS Teams Chat Credentials ID sn_tcm_collab_hook.MS_Teams_Chat_Credentials 5 oauth_entity Request Based Chat (application permission) Name (OOB shipped) Microsoft Teams Chat App Permission Client ID 9c36f0ac-f4b2-4eb9-a25e-693b859c114f Do not edit this ID Default Grant type Client Credentials 6 sys_alias Request Based Chat (application permission) Name (OOB shipped) MS Teams Chat App Credentials ID sn_tcm_collab_hook.MS_Teams_Chat_App_Credentials Integrating self-configured app: (custom apps created from azure portal) Follow the instructions in ServiceNow documentation here. Authentication checklist: In case of self-configured app, the application oauth entities are already shipped within the plugin with PLACEHOLDER values (OOB) user has to edit the respective record with proper values. For Tab SSO feature the creation of oauth entity is automated once when manifest is generated. 1. Verify that required authentication records got created/updated. After integration steps are done. # Table Name Feature Name Column Name Value to be verified Additional Comments 1 oauth_oidc_entity Tab SSO Name Record got created with “Azure AD - <tenant_name>” Client ID ID will be same as Application (client) ID entered in manifest page Do not edit this ID 2 oidc_provider_configuration Tab SSO Name Record got created with “Azure AD - <tenant_name>” User Claim upn configurable if customer wants to use upn/email (based on azure configuration) User field sys_user.email configurable based on customer environment 3 oauth_entity Request Based Chat (delegated permission) Name (OOB shipped) Microsoft Teams Chat Single Tenant Client ID {azure-ad-application-id-here} Kindly modify this to the ID as per the client ID created in Azure portal Default Grant type Authorization Code OAuth Entity Scopes .default offline_access 4 sys_alias Request Based Chat (delegated permission) Name MS Teams Chat Credentials ID sn_tcm_collab_hook.MS_Teams_Chat_Credentials 5 oauth_entity Request Based Chat (application permission) Name (OOB shipped) Microsoft Teams Chat App Permission ST Client ID {azure-ad-application-id-here} Kindly modify this to the ID as per the client ID created in Azure portal Default Grant type Client Credentials 6 sys_alias Request Based Chat (application permission) Name (OOB shipped) MS Teams Chat App Credentials ID sn_tcm_collab_hook.MS_Teams_Chat_App_Credentials More content to be updated soon...