
Microsoft Teams - Sideloaded app - Identify Installing Party


I am making a Teams bot app. The app package will be sent to clients for sideloading and it should be installed to a channel to post relevant information on a schedule. I need to identify which clients have installed the app so I can send organization-specific messages to them. I was originally planning on using Graph to get the data from the bot activities, but it sounds like the usual Microsoft SSO flow won't work since it isn't a 1:1 chat. The client shouldn't have to do more than install the app package on an admin account to the correct channel and accept any permissions required. Is there either a workaround to identify tenants from data being returned to the bot or another way of getting tokens that will work with varying tenants?

I planned to get the organization name from Graph and that seems to be fairly simple with a single tenant, but this needs to work across multiple tenants.

I was initially planning on using Application permissions but it seems like that won't work because the permissions need to be accepted by each tenant and they shouldn't have to go into Azure Portal and set that up. I found a Medium article that used SSO for authenticating, but it sounds like that would only work in 1:1 chats.

I looked into delegated permissions, but it should only be the admin who needs to accept permissions. Also the app not being installed to a 1:1 chat would again seem to be an issue there.

Thanks in advance for any suggestions.


Solution

  • Whenever your bot receives a message from a user, the message payload includes the tenant id. See more on that here: https://learn.microsoft.com/en-us/microsoftteams/platform/resources/bot-v3/bot-conversations/bots-conversations#receiving-messages

    In addition, the bot receives a similar kind of message from Teams when it is first installed by the user - something called the conversationUpdate event - see more on that here: https://learn.microsoft.com/en-us/microsoftteams/platform/resources/bot-v3/bots-notifications#team-member-or-bot-addition . This conversationUpdate also includes the tenant id. Both events include the user's name and Active Directory unique guid too if you want to differentiate/store user info too.
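
The following is an added example, not code from the answer above: it reads the tenant id out of a `conversationUpdate` activity in which the bot itself was added, and records one entry per tenant. The function names and the in-memory store are hypothetical, the sample payload is constructed, and the code assumes the request has already passed Bot Framework authentication, since a tenant id in an unauthenticated request body is caller-controlled.

```javascript
// Added example: plain functions over the activity JSON, no SDK required.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Returns install details when the bot itself was added, otherwise null.
function extractInstall(activity) {
  if (!activity || activity.type !== "conversationUpdate") return null;
  const botId = activity.recipient && activity.recipient.id;
  const added = activity.membersAdded || [];
  // Ignore events where another member (not the bot) joined the team.
  if (!botId || !added.some((m) => m.id === botId)) return null;
  const cd = activity.channelData || {};
  const tenantId = (cd.tenant && cd.tenant.id) ||
    (activity.conversation && activity.conversation.tenantId);
  // Reject missing or malformed tenant ids instead of storing them.
  if (typeof tenantId !== "string" || !GUID.test(tenantId)) return null;
  return {
    tenantId: tenantId.toLowerCase(),
    teamId: (cd.team && cd.team.id) || null,
    installedBy: (activity.from && activity.from.aadObjectId) || null,
  };
}

// Hypothetical store: Map of tenantId -> Set of team ids the bot was added to.
function recordInstall(store, activity) {
  const info = extractInstall(activity);
  if (!info) return false;
  if (!store.has(info.tenantId)) store.set(info.tenantId, new Set());
  store.get(info.tenantId).add(info.teamId);
  return true;
}

// Constructed sample payload (all ids are made up for illustration).
const sampleInstall = {
  type: "conversationUpdate",
  membersAdded: [{ id: "28:bot-app-id-placeholder" }],
  recipient: { id: "28:bot-app-id-placeholder", name: "SampleBot" },
  from: { id: "29:user-placeholder", aadObjectId: "11111111-2222-3333-4444-555555555555" },
  conversation: { id: "19:team-placeholder@thread.tacv2", isGroup: true },
  channelData: {
    team: { id: "19:team-placeholder@thread.tacv2" },
    tenant: { id: "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE" },
  },
};
```

Persisting the tenant id together with the conversation id at install time gives the scheduler a per-organization key without any Graph call or extra consent.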