The setup of the Microsoft Teams integration often requires collaboration across various groups within an organization. The goal of this document is to clarify the roles and responsibilities of each party involved.
There are, at minimum, 4 different roles required in enabling the integration between your ServiceNow instance and your Microsoft Teams tenant.
Typically, in a large organization, there will be 3 individuals involved. 1 will be the ServiceNow System Administrator, another will be an Azure AD administrator who is assigned the external_app_install_admin role in ServiceNow, and the third will be a Teams administrator.
In a smaller organization, there may be one administrator on the ServiceNow side (System Administrator) and one administrator on the Microsoft side, who has both an administrator role in Azure AD and the Teams administrator role.
admin (System Administrator) – "admin" is the System Administrator role within ServiceNow. In this scenario, the System Administrator is involved in multiple parts of the process, including identifying the individuals to help with the integration setup, assigning the external_app_install_admin role, and configuring the Teams integration within the ServiceNow instance.
external_app_install_admin - This is a scoped administration role with very limited privileges. This role enables a user to connect the ServiceNow instance to an external system, in this case, Microsoft Teams.
A user must have one of the following roles in Azure AD and the external_app_install_admin role in ServiceNow, in order to complete the connection and authorization portions of the setup experience.
Note: The actual time required to click through the Connection and Authorization steps is minimal (just a few minutes); however, the individual who is assigned an administrator role in Azure and the external_app_install_admin role may have less experience with ServiceNow than the System Administrator and will have questions about the integration. It will expedite the setup process if the System Administrator carves out time to sit with the external_app_install_admin as they work through the setup, to answer any questions.
Teams administrator – This user will be responsible for uploading the application manifest into the Microsoft Teams tenant and can assign custom app policies. One step in the setup requires creation of a custom app policy. Additionally, custom app policies can be used to restrict which users have access to the ServiceNow for Teams application, enabling testing as well as limited rollouts, targeting a specific region or a specific set of users, before doing a global rollout.
|
ServiceNow |
Azure AD |
Teams |
Admin (System administrator) |
X |
|
|
External_app_install_admin |
X |
|
|
Application Administrator |
|
X |
|
Cloud Application Administrator |
|
X |
|
Global Administrator |
|
X |
|
Privileged Role Administrator |
|
X |
|
Teams Administrator |
|
|
X |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.