Microsoft Teams

Connect Microsoft Teams to send governed messages and receive inbound chat via Bot Framework.

What you can do#

Connect a Microsoft Teams bot to your LumenFlow workspace so Sidekick can post messages into Teams channels and conversations, and receive inbound messages from your team members.

ActionDescriptionStatus
Send messagePost to any Teams channel or conversationShipped
Reply to threadReply to an existing activity by idShipped
Receive messagesIngest inbound messages via Bot Framework webhookShipped
Approval routingRoute outbound messages through approval workflowShipped

Setup#

  1. Register a Bot in the Azure Bot Service. You need a Bot App ID and a Bot App Password (client secret).
  2. Go to Settings > Connections in LumenFlow
  3. Click Add Connection > Microsoft Teams
  4. Enter your Bot App ID and Bot App Password
  5. Optionally enter a Tenant ID to restrict to a single Azure AD tenant
  6. Click Save -- LumenFlow encrypts your credentials and returns a webhook URL

info LumenFlow generates a unique webhook URL for your workspace. You will configure this URL as the Bot Framework messaging endpoint in the Azure portal.

Webhook setup#

After saving the connection, LumenFlow returns a webhook URL in the format:

https://your-domain.com/api/v1/sidekick/integrations/teams/webhook?key=<unique-key>
  1. Open the Azure Bot Service configuration for your bot
  2. Set the Messaging endpoint to the webhook URL above
  3. Send a test message to the bot in Teams -- it should appear in LumenFlow's activity feed

Security#

  • Bot Framework JWT verification -- every inbound webhook request is verified against Microsoft's Bot Framework OpenID metadata. Invalid tokens are rejected with HTTP 401.
  • Webhook key -- the ?key= parameter uniquely identifies your workspace integration. Keep it private.
  • Rate limiting -- distributed rate limits protect against webhook flooding (per-integration and per-workspace).
  • Credentials encrypted at rest -- your Bot App Password is encrypted before storage.

Best practices#

  • Dedicate a bot per workspace -- avoid sharing a single bot registration across multiple LumenFlow workspaces
  • Use tenant scoping -- pass your Azure AD Tenant ID during setup to restrict the bot to your organization
  • Set governance rules -- require approval for messages posted to high-visibility channels

info Inbound messages trigger Sidekick's chat pipeline automatically. Responses follow your workspace's governance rules before being sent back to Teams.