Connect Microsoft Teams to Mattermost (Beta)#

plans-img Available on Enterprise plans

deployment-img Cloud and self-hosted deployments

Bridge communications between Mattermost and Microsoft Teams, transforming them into a unified platform. Empower your users to stay on their preferred platform while ensuring seamless, cross-functional collaboration and project alignment, while leveraging the strengths of both platforms without significantly increasing operational costs.

Setup#

Setup starts in Mattermost, moves to Microsoft Teams, and ends in Mattermost.

Install the Microsoft Teams integration in Mattermost#

Important

These installation instructions assume you already have a Mattermost instance running PostgreSQL. Note that this Mattermost integration doesn’t support MySQL databases.

  1. Log in to your Mattermost workspace as a system administrator.

  2. Download the latest version of the plugin binary release, compatible with Mattermost v8.0.1 and later. If you are using an earlier version of Mattermost, follow our documentation to upgrade to Mattermost v8.0.1 or later.

  3. Go to System Console > Plugins > Plugin Management > Upload Plugin, and upload the plugin binary you downloaded in the previous step.

  4. Go to System Console > Plugins > Plugin Management. In the Installed Plugins section, scroll to MS Teams, and select Enable Plugin.

Set up an OAuth application in Azure#

  1. Sign into portal.azure.com using an admin Azure account.

  2. Navigate to App Registrations.

  3. Select New registration at the top of the page.

In Azure, create a new app registration.

  1. Fill out the form with the following values:

  • Name: Mattermost MS Teams

  • Supported account types: Default value (Single tenant)

  • Platform: Web

  • Redirect URI: https://(MM_SITE_URL)/plugins/com.mattermost.msteams/oauth-redirect

Replace (MM_SITE_URL) with your Mattermost server’s Site URL. Select Register to submit the form.

In Azure, register the new Mattermost app.

  1. Navigate to Certificates & secrets in the left pane.

  2. Select New client secret. Enter the description and select Add. After the creation of the client secret, copy the new secret value, not the secret ID. We’ll use this value later in the Mattermost System Console.

In Azure, enter client secret details.

  1. Navigate to API permissions in the left pane.

  2. Select Add a permission, then Microsoft Graph in the right pane.

In Azure, manage API permissions for the Mattermost app.

  1. Select Delegated permissions, and scroll down to select the following permissions:

  • Channel.ReadBasic.All

  • ChannelMessage.Read.All

  • ChannelMessage.ReadWrite

  • ChannelMessage.Send

  • Chat.Create

  • Chat.ReadWrite

  • ChatMessage.Read

  • Directory.Read.All

  • Files.Read.All

  • Files.ReadWrite.All

  • offline_access

  • Team.ReadBasic.All

  • User.Read

  1. Select Add permissions to submit the form.

  2. Next, add application permissions via Add a permission > Microsoft Graph > Application permissions.

  3. Select the following permissions:

  • Channel.ReadBasic.All

  • ChannelMessage.Read.All

  • Chat.Read.All

  • Files.Read.All

  • Group.Read.All

  • Team.ReadBasic.All

  • User.Read.All

  1. Select Add permissions to submit the form.

  2. Select Grant admin consent for… to grant the permissions for the application.

Create a user account to act as a bot#

  1. Create a regular user account. We will connect this account later from the Mattermost side.

  2. This account is needed for creating messages on Microsoft Teams on behalf of users who are present in Mattermost but not on Microsoft Teams.

  3. This account is also needed when users on Mattermost have not connected their accounts and some messages need to be posted on their behalf. See the screenshot below:

    In Microsoft Teams, create a user account to act as a bot.

Run the /msteams connect-bot slash command to connect the bot account. Once connected to the account on Microsoft Teams, all the messages that are posted from the account on Microsoft Teams won’t be synchronized back to Mattermost since it’s a “bot”, and messages from bots are ignored.

Ensure you have the metered APIs enabled (and the pay subscription associated to it)#

Follow the steps here: https://learn.microsoft.com/en-us/graph/metered-api-setup

Important

If you don’t configure the metered APIs, you must use the Evaluation model (configurable in Mattermost) that is limited to a low rate of changes per month. We strongly recommend that you avoid using the Evaluation model configuration in live production environments because you can stop receiving messages due the rate limit. See this Microsoft documentation for more details.

You’re all set for configuration inside Azure.

Configure how users connect accounts#

Mattermost admins can configure Mattermost to automatically prompt users to connect their Mattermost user account to their Microsoft Teams user account on login.

  1. Go to System Console > Plugins > MS Teams.

  2. Enable Enforce connected accounts to prompt users to connect if they haven’t done so.

  3. (Optional) Enable Allow to temporarily skip connect user to allow users to skip the connection prompt temporarily. Users are prompted on refresh and login.

Mattermost configuration#

Additional configuration settings are available for this plugin. See the Microsoft Teams plugin configuration settings documentation for details.

Monitor performance#

You can set up performance monitoring and performance alerting for this plugin using Prometheus and Grafana.

  • Monitoring enables you to proactively review the overall health of the plugin, including database calls, HTTP requests, and API latency.

  • Alerting enables you to detect and take action as issues come up, such as the integration being offline.

Grafana dashboards are available on GitHub for Mattermost Cloud deployments as a useful starting point. These dashboards are designed for use in Mattermost Cloud, and filter to a given namespace.

Example of a Grafana monitoring dashboard for a Mattermost instance connected to Microsoft Teams.

Note

Modifications will be necessary for self-hosted Mattermost deployments. See the Get help section below for details on how to contact us for assistance.

System admin slash commands#

Once Microsoft Teams interoperability is enabled, the following slash commands are available for Mattermost system admins by typing the commands into the Mattermost message text box, and selecting Send:

  • /msteams connect-bot: Connect the bot account in Mattermost to an account in Microsoft Teams.

  • /msteams disconnect-bot: Disconnect the bot account in Mattermost from the Microsoft Teams account.

  • /msteams show-links: Show all the currently active links including the Mattermost team, Mattermost channel, Microsoft Teams team, and Microsoft Teams channel.

  • /msteams promote: Promote a synthetic user to a normal user. This command takes two parameters i.e. current_username and the new_username. The promoted user must reset their password or request assistance from the admin in order to log in to Mattermost. After promoting the user, the user will be counted under the Mattermost license.

Usage#

See the collaborate within connected microsoft teams product documentation to get started using Microsoft Teams interoperability.

Frequently asked questions#

Can users connect their Mattermost account to a different Microsoft Teams account?#

No. Currently, only accounts with the same email addresses are allowed to be connected. Specify the email address that matches your Mattermost account.

If connecting a Mattermost account to a Microsoft Teams account with a different email address is something your workspace requires, there is an open GitHub issue for you to share your feedback.

How is encryption handled at rest and in motion?#

Everything is stored in the Mattermost databases. AES encryption is used to encrypt the MS Teams auth/access token. Other encryption at rest would be dependent on how the Mattermost instance is setup. All communication between the integration and MS Teams/Graph API are conducted over SSL/HTTPS.

Are there any database or network security considerations?#

There is nothing specific to the integration that is beyond what would apply to a Mattermost instance.

Are there any compliance considerations (ie. GDPR, PCI)?#

There is nothing specific to the integration that is beyond what would apply to a Mattermost instance.

How often will users sync from Microsoft Teams to Mattermost?#

The frequency of user synchronizing is customizable within the System Console’s integration configuration page.

Is a service account required for this integration to sync users from MS Teams to Mattermost?#

No. User synchronizing is done by the “application” itself.

Can I embed Mattermost within Microsoft Teams?#

Yes. See the collaborate within embedded microsoft teams documentation to learn more.

How is this integration architectured?#

See the following diagram showing the architecture for this Mattermost integration:

Mattermost for Microsoft Teams interoperability architecture diagram, version 1.0.

Get help#

If you face issues while installing this integration, gather relevant information, including reproduction steps to accelerate troubleshooting. You’re welcome to open a new issue in the Mattermost for Microsoft Teams GitHub repository.