Microsoft Teams configuration

This page describes how to set up authentication and permissions before creating the Microsoft Teams data store.

Set up authentication and permissions

You must set up authentication and permissions in Microsoft 365. This is crucial to allow the connector to access data. The MS Teams connector supports various authentication methods, such as OAuth client credentials or API tokens.

Entra app registration for Microsoft Teams connector

You must set up a Microsoft Entra application registration to enable secure access to Microsoft Teams before you can create the Gemini Enterprise connector.

To register Gemini Enterprise as an OAuth 2.0 application in Microsoft Entra, do the following:

1. Navigate to Microsoft Entra admin center .
2. In the menu, expand the Entra IDsection and select App registrations.
3. On the App registrationspage, select add New registration.
4. On the Register an applicationpage, create an app registration by doing the following:
   1. In the Namesection, enter a display name for the application.

      

   2. In the Supported account typessection, select Accounts in the organizational directory only. This option restricts access to users within your organization's Microsoft Entra tenant, which is appropriate for an enterprise application.
   3. In the Redirect URIsection, select Weband enter the following URLs as web callback URLs (or redirect URLs):
      • https://vertexaisearch.cloud.google.com/oauth-redirect
   4. Click Register. Microsoft Entra creates your app and displays it on the All applicationspage.

Create an OAuth 2.0 configuration

To create a connection using the OAuth 2.0 authentication method, you need to obtain a client ID, client secret, and tenant ID from your Microsoft Entra application registration page.

Obtain client ID and client secret

To obtain the client ID and secret for the app, do the following:

1. Navigate to Microsoft Entra admin center .
2. In the menu, expand the Entra IDsection and select App registrations.
3. On the App registrationspage, select All applications.
4. Open the application you created.
5. On the app page, select Certificates & secrets.
6. Click add New client secret.
7. In the Add a client secretdialog:
   1. Enter a description for the secret.

      

   2. Select an expiry duration. We recommend selecting the default value.
   3. Click Add.
8. Copy the secret from the Valuecolumn ( Client Secret ) and the identifier from the Secret IDcolumn ( Client ID ), and store them securely for later use.

Obtain tenant ID

Your tenant ID can be found in the Tenant IDbox on the overview page in the Microsoft Entra admin center.

Microsoft Graph minimum permissions

To configure the required API permissions for the app, do the following:

1. Navigate to Microsoft Entra admin center .
2. In the menu, expand the Entra IDsection and select App registrations.
3. On the App registrationspage, select All applications.
4. Open the application you created.
5. On the app page, select API permissions.
6. Click Add a permission.

7. In the Request API permissionspage, select Microsoft Graph, and select Delegated permissions.

8. Search for and select the following permissions for federated search:

   Connection Mode

   Permission

   Purpose

   Federated Search

   Group.Read.All

   Allows the data store to read group properties and memberships, and read conversations for all groups.

   Sites.Read.All

   Allows the data store to read all files and documents shared within Teams channels across the organization.

   ChatMessage.Read.All

   Allows the app to read all one-to-one and group chats messages.

   User.Read.All

   Allows the data store to read user profiles.

9. Click Add Permissions.