Tags: bots, botframework, microsoft-teams, microsoft-graph-teams, teams-toolkit

Designing a truly multi-tenant MS Teams app


Context - We have a SaaS app, which hosts many customers, and for us, customer environment isolation is our utmost priority (for obvious security reasons).

For this SaaS app, we are currently building an MS Teams bot / integration. The plan is that customers will find this app on the MS Teams marketplace, install it, and connect their accounts with the bot to receive alerts, etc. on their Teams channels / DMs.

Problems -

  1. Bot registration requires us to provide a URL, where the Azure bot will forward the events that it receives from MS Teams (user adding the bot to a team or personal scope, user trying some commands, etc.).

    • So we will need to somehow keep track of which customer's Teams instance the requests are coming from, and which customer we have to forward them to.

    • The only way that I see to achieve this is using Lambda + Postgres to keep track of the mapping between to .

    • Is there any way we can get rid of the database? Maybe we can store some extra context while installing the app in a team, and each request can carry that data, which Lambda can use to route the events.

  2. Are MS Teams team IDs unique?

    • Many Bot Framework APIs use teamId in their URLs, and we don't want to accidentally send data of one customer to another by mistake, just because the team ID wasn't unique.
    • Tried finding docs regarding this online, but had no luck :( (apologies if I missed them)

Thank you folks in advance !


Solution

  • It's definitely possible to get the information you're looking for inside your bot. As part of receiving a message from a user, your app, based on the Bot Framework SDK, receives a turnContext object, which in turn contains an activity property. Off Activity you can find things like the User's unique Azure AD user id, their email address and their display name. It also contains the Tenant Id, so that's what you can use to differentiate messages from different tenants. Finally, it stores Channel information so you can determine which Team and which Channel the bot could be used in at the time (obviously that doesn't apply if the bot is being used in a Group Chat or a 1-1 conversation).

    Aside from that though, it's also possible, using the SDK, to request additional data, like the list of other Channels in the Team, etc. - see https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/get-teams-context?tabs=dotnet for more.

    Regarding storing data in a database, that's totally up to you and your app - you can choose to store (or not store) whatever you want, in whatever backend you want, e.g. blob or file storage - there's no specific requirement to have a database per se.
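
As an added example (not part of the answer above and not Bot Framework SDK code), tenant-based routing on the object the bot receives as `turnContext.activity` could look like this. The tenant map, customer names and sample activities are constructed, and the code assumes the SDK adapter has already authenticated the incoming request before the activity is read.

```javascript
// Hypothetical tenant-to-customer map; in production this is whatever store you choose.
const TENANT_TO_CUSTOMER = new Map([
  ["11111111-1111-1111-1111-111111111111", "customer-a"],
  ["22222222-2222-2222-2222-222222222222", "customer-b"],
]);

// Constructed sample activities (only the fields used for routing).
const SAMPLE_CHANNEL_MESSAGE = {
  conversation: { tenantId: "11111111-1111-1111-1111-111111111111" },
  channelData: {
    tenant: { id: "11111111-1111-1111-1111-111111111111" },
    team: { id: "19:constructed-team@thread.tacv2" },
    channel: { id: "19:constructed-channel@thread.tacv2" },
  },
};
const SAMPLE_PERSONAL_MESSAGE = {
  conversation: { tenantId: "22222222-2222-2222-2222-222222222222" },
  channelData: { tenant: { id: "22222222-2222-2222-2222-222222222222" } },
};

// Extract tenant / team / channel identifiers from a Teams activity.
function teamsScope(activity) {
  const cd = activity.channelData || {};
  const fromChannelData = cd.tenant && cd.tenant.id;
  const fromConversation = activity.conversation && activity.conversation.tenantId;
  // Fail closed if both tenant fields are present but disagree.
  if (fromChannelData && fromConversation &&
      fromChannelData.toLowerCase() !== fromConversation.toLowerCase()) {
    throw new Error("tenant id mismatch in activity");
  }
  const tenantId = (fromChannelData || fromConversation || "").toLowerCase();
  if (!tenantId) throw new Error("activity carries no tenant id");
  return {
    tenantId,
    teamId: (cd.team && cd.team.id) || null, // null in 1:1 and group chats
    channelId: (cd.channel && cd.channel.id) || null,
  };
}

// Resolve the customer for an activity; unknown tenants are rejected, never defaulted.
function routeActivity(activity, tenantMap = TENANT_TO_CUSTOMER) {
  const scope = teamsScope(activity);
  const customer = tenantMap.get(scope.tenantId);
  if (!customer) throw new Error("unknown tenant " + scope.tenantId);
  // Key per-team state on tenant AND team, so isolation never depends on
  // team ids being unique across tenants.
  const storageKey = scope.tenantId + "/" + (scope.teamId || "no-team");
  return { customer, storageKey, ...scope };
}
```
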