Gene Shtilkind
ServiceNow Employee

Purpose 

The setup of the Microsoft Teams integration often requires collaboration across various groups within an organization. The goal of this document is to clarify the roles and responsibilities of each party involved. 

Who is involved? 

There are, at minimum, 4 different roles required in enabling the integration between your ServiceNow instance and your Microsoft Teams tenant.  

Typically, in a large organization, there will be 3 individuals involved: the ServiceNow System Administrator, an Azure AD administrator who is assigned the external_app_install_admin role in ServiceNow, and a Teams administrator. 

In a smaller organization, there may be one administrator on the ServiceNow side (System Administrator) and one administrator on the Microsoft side, who has both an administrator role in Azure AD and the Teams administrator role. 

ServiceNow Roles 

admin (System Administrator) – "admin" is the System Administrator role within ServiceNow. In this scenario, the System Administrator is involved in multiple parts of the process, including identifying the individuals to help with the integration setup, assigning the external_app_install_admin role, and configuring the Teams integration within the ServiceNow instance. 

external_app_install_admin – This is a scoped administration role with very limited privileges. This role enables a user to connect the ServiceNow instance to an external system, in this case, Microsoft Teams.  

Azure AD Roles 

A user must have one of the following roles in Azure AD and the external_app_install_admin role in ServiceNow, in order to complete the connection and authorization portions of the setup experience. 

Note: The actual time required to click through the Connection and Authorization steps is minimal (just a few minutes); however, the individual who is assigned an administrator role in Azure and the external_app_install_admin role may have less experience with ServiceNow than the System Administrator and will have questions about the integration. It will expedite the setup process if the System Administrator carves out time to sit with the external_app_install_admin as they work through the setup, to answer any questions. 

Microsoft Teams Roles 

Teams administrator – This user will be responsible for uploading the application manifest into the Microsoft Teams tenant and can assign custom app policies. One step in the setup requires creation of a custom app policy. Additionally, custom app policies can be used to restrict which users have access to the ServiceNow for Teams application, enabling testing as well as limited rollouts, targeting a specific region or a specific set of users, before doing a global rollout. 

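Roles Chart

| Role                            | ServiceNow | Azure AD | Teams |
|---------------------------------|------------|----------|-------|
| Admin (System administrator)    | X          |          |       |
| External_app_install_admin      | X          |          |       |
| Application Administrator       |            | X        |       |
| Cloud Application Administrator |            | X        |       |
| Global Administrator            |            | X        |       |
| Privileged Role Administrator   |            | X        |       |
| Teams Administrator             |            |          | X     |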

Setup Steps 

  1. ServiceNow System Administrator installs the required applications/plugins. 

  2. ServiceNow System Administrator identifies the appropriate users with the Microsoft Application administrator role and the Teams administrator role. 

  3. The System Administrator assigns the external_app_install_admin role to the Microsoft Application Administrator. 

  4. The System Administrator should provide a link to the page where the Azure AD Application Administrator can establish the connection between the instance and tenant, and then, subsequently, authorize the apps. Link: https://www.{instance-name}.service-now.com/nav_to.do?uri=%2Fsn_now_azure_app_installer.do 

  5. The Azure AD Administrator will connect the ServiceNow instance to their Teams tenant. 

  6. The Azure AD Administrator will review and authorize each of the multi-tenant apps. 

  7. Once the Azure AD Application Administrator has completed the connection and authorization steps, the System Administrator will configure and download the manifest. 

  8. The System Administrator will share the manifest with the Teams administrator. 

  9. The Teams Administrator will upload the manifest to their Teams tenant. 

  10. The Teams administrator will block the Now Virtual Agent app so that users do not install it directly and then add the Now Virtua.... 

  11. The ServiceNow System Administrator will continue with configuration of the ServiceNow for Teams application within the ServiceNow instance. 