This integration is available starting with Axigen X6 (10.6.0).
Axigen's integration with Microsoft Teams enables users to add Teams* meeting invitations linked to their personal Teams account when scheduling a calendar event in WebMail. This integration ensures that any modifications made to the event within WebMail are automatically synchronized with the Teams application, reflecting updates in real-time. This synchronization helps maintain consistency and ensures that all participants have the latest information.
Concepts
Teams (Microsoft) issues an access token, which is then sent to Axigen. This access token is the key that allows Axigen to make meeting requests to Teams on behalf of the Axigen account. In other words, Axigen doesn't have any knowledge of your Teams account; it only has the token that permits it to manage your meetings on your behalf.
These tokens are available for 1 hour, when they expire, Axigen will request a refresh token to ask for a new token.
Essentially, the Teams application acts as a frontend. Through OAuth, it allows Axigen, as a delegate, to perform a small set of operations on behalf of a user, based on the consent the user has given.
Upon correctly publishing their application, the admin receives a client ID and a client secret for access. The admin then configures the OAuth connector that Axigen uses to access the application. You should fill in the public information (authorization and token endpoints) with the relevant details for the service you are using.
The synchronization direction is Axigen → Teams, where Teams is reading the Axigen user's Calendar events.
*) Or Skype, depending on your account type. The account used in this example is quite a basic one, and therefore some limits might appear.
Installation and Configuration
There are 3 main phases to configure this integration:
-
Teams Preparation: Registering an Application in AzureAD
-
Axigen Preparation: Creating and Configuring the Teams Connector in Axigen
-
End-user Settings
Steps #1 and #2 can be performed in any sequence.
1. Teams Preparation: Registering an Application in AzureAD
1.1. Log into https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/CreateApplicationBlade with your Microsoft developer account
1.2. Add a “Personal Microsoft accounts only” application and fill in the OAuth Redirect URL to the /api/v1/oauth/access endpoint of your Axigen server deployment.
This might be related to your Microsoft development account which does not have enough permissions (maybe because its free).
1.3. Select App registrations in the left menu
1.4. Now, add a client secret.
The client secret is only visible when creating the key, then it will become hidden. So save the password in a safe place.
In order for Teams to access the account some permissions are needed. The User.Read is there by default, but additional permissions are required.
1.5. Click the Add permissions button
The permissions are:
-
Calendars.Read -
Calendars.ReadBasic -
Calendar.ReadWrite -
offline_access -
User.Read(the default one)
You may simply search for the permissions, and then check the ones you need.
1.7. Click Add permissions
2. Axigen Preparation: Creating the Teams Connector
The connector is defined at server level and at this moment, a single connector can be used per server, even though multiple connectors may be defined from the CLI interface.
Setting up the connector may be done from the CLI interface and from the WebMail interface.
Via CLI
The configuration template for the Teams connector is already defined.
The parameters for authzUri, tokenUri and clientScopes are always the same:
-
set authzuri https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize -
set tokenUri https://login.microsoftonline.com/consumers/oauth2/v2.0/token -
set clientScopes "User.Read Calendars.ReadBasic Calendars.Read Calendars.ReadWrite offline_access"
The clientId and the clientSecret are unique values and created at the previous step:
-
set clientId <teamsClientID>
-
set clientSecret <YourActualClientSecretReceivedFromMicrosoft>
As explained above, the password is visible at creation only.
Via WebAdmin
Since the Teams connector is already defined, the only parameters left, are the clientId and the clientSecret.
Navigate to the WebAdmin interface → Services - > WebMail → Extensions tab
At this point, the Teams connector is not enabled. Edit the connector, type in the clientId and the clientSecret and save the connector.
Enable the connector and save the configuration.
Allowing the Teams Connector to Be Used
The Teams connector is defined at server level, however, this functionality must be also enabled. Depending of the preferences this can be enabled at domain level, account level or account class.
In this example, I will enable it at domain level.
Navigate to the WebAdmin interface → Domains & Accounts → Manage domains → select the domain → Account defaults → Quotas and Restrictions → scroll down to External Apps section.
Now the users in domain “test.tld” are able to use the connector.
3. End-user Settings
3.1. Log into the WebMail interface
3.2. Navigate to Settings
3.3. Go to the Extensions tab
3.4. Turn on Microsoft Teams — a Microsoft login page will open
In case the Microsoft login page does not appear, it means you are already logged in.
3.5. Login using your Microsoft Account
3.6. A new window will pop-up, where the Microsoft application is asking for permissions to be granted to access the user’s calendar. This pop-up will only appear once.
Use Case Examples
Event Creation
-
Create a calendar event from the WebMail interface
-
Create the Teams invite by clicking Add Teams
-
The invite has been created
-
The event was also created in Teams, after saving the event in Webmail
Event Update
In this example, the end-user has updated the event by changing the subject and has added another recipient.
Event Deletion
Now, cancel the event from the WebMail interface.
The event has been also removed from Teams.
