Skip to content
This repository was archived by the owner on Jan 15, 2025. It is now read-only.

Create Enterprise Assistant

Jump to bottom
lauren-mills edited this page May 10, 2021 · 17 revisions

Configuring your Enterprise Assistant

To test this bot locally, you will need to complete the following steps:

  1. Provision Azure resources for local development of your root bot and each skill
  2. Configure authentication settings for your People skill
  3. Configure authentication settings for your Calendar skill
  4. Configure allowed callers

1. Provision Azure Resources

In order to test this bot locally, you will need the following services provisioned in Azure:

  • An Azure Bot Registration for your root bot and each skill
  • Language Understanding (LUIS)
  • QnA Maker

2. Configure Authentication (People Skill)

You must configure an authentication connection on your Azure Bot Registration in order to log in and access Microsoft Graph resources. You can configure these settings either through the Azure Portal or via the Azure CLI.

Option 1: Using the Azure Portal

  1. Open your Bot Channels Registration resource and go to the Configuration tab

  2. Click Add OAuth Connection Settings

  3. Assign your connection setting a name (save this value for later)

  4. Select Azure Active Directory v2 from the Service Provider dropdown.

  5. Fill in the following fields and click Save:

    • Client id: your Microsoft App ID
    • Client secret: your Microsoft App Password
    • Tenant ID: your Azure Active Directory tenant ID, or "common" to support any tenant
    • Scopes: Contacts.Read Directory.Read.All People.Read People.Read.All User.ReadBasic.All User.Read.All

  6. In the Configuration tab, click Manage next to your Microsoft App ID

  7. In the API permissions tab, click Add a permission

  8. Click Microsoft Graph and add the following scopes:

    • Contacts.Read
    • Directory.Read.All
    • People.Read
    • People.Read.All
    • User.ReadBasic.All
    • User.Read.All

  9. In the Authentication tab, click Add a platform

    1. Select Web
    2. Set the URL to https://token.botframework.com/.auth/web/redirect.

  10. In Bot Framework Composer, open your Project Settings and toggle the Advanced Settings View

  11. Set the following property to the value from Step 3:

    {
  "oauthConnectionName": "Outlook",
}

Option 2: Using Azure CLI

  1. Get your Microsoft App Object ID (used in later steps):

    az ad app show --id <bot-app-id> --query objectId

  2. Set the Redirect URL on your Microsoft App:

    az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<objectId> --body "{'web': {'redirectUris': ['https://token.botframework.com/.auth/web/redirect']}}"

  3. Add the required Microsoft Graph scopes to your Microsoft App:

    az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<objectId> --body "{ 'requiredResourceAccess': [{'resourceAppId': '00000003-0000-0000-c000-000000000000','resourceAccess': [{ 'id': 'b89f9189-71a5-4e70-b041-9887f0bc7e4a', 'type': 'Scope' }, { 'id': 'b340eb25-3456-403f-be2f-af7a0d370277',	'type': 'Scope'	}, { 'id': 'a154be20-db9c-4678-8ab7-66f6cc099a59',	'type': 'Scope'	}, { 'id': '06da0dbc-49e2-44d2-8312-53f166ab848a', 'type': 'Scope' }, { 'id': 'ff74d97f-43af-4b68-9f2a-b77ee6968c5d', 'type': 'Scope'	}, { 'id': 'ba47897c-39ec-4d83-8086-ee8256fa737d', 'type': 'Scope' } ]}	]}"

  4. Add your OAuth setting to your Azure Bot Service. The values for bot-name, bot-rg, bot-app-id, and bot-app-secret can be found in your bot's publish profile.

    az bot authsetting create  --name <bot-name> --resource-group <bot-rg> --client-id <bot-app-id> --client-secret <bot-app-secret>  --service "Aadv2" --setting-name "Outlook" --provider-scope-string "Contacts.Read Directory.Read.All People.Read People.Read.All User.ReadBasic.All User.Read.All" --parameters clientId="<bot-app-id>" clientSecret="<bot-app-secret>" tenantId=common

  5. Update your Bot settings with your OAuth Connection name in the Advanced Settings View:

    {
  "oauthConnectionName": "Outlook",
}

2. Configure Authentication (Calendar Skill)

You must configure an authentication connection on your Azure Bot Registration in order to log in and access Microsoft Graph resources. You can configure these settings either through the Azure Portal or via the Azure CLI.

Option 1: Using the Azure Portal

  1. Open your Bot Channels Registration resource and go to the Configuration tab

  2. Click Add OAuth Connection Settings

  3. Assign your connection setting a name (save this value for later)

  4. Select Azure Active Directory v2 from the Service Provider dropdown.

  5. Fill in the following fields and click Save:

    • Client id: your Microsoft App ID
    • Client secret: your Microsoft App Password
    • Tenant ID: your Azure Active Directory tenant ID, or "common" to support any tenant
    • Scopes: Calendars.ReadWrite Contacts.Read People.Read User.ReadBasic.All

  6. In the Configuration tab, click Manage next to your Microsoft App ID

  7. In the API permissions tab, click Add a permission

  8. Click Microsoft Graph > Delegated Permissions and add the following scopes:

    • Calendars.ReadWrite
    • Contacts.Read
    • People.Read
    • User.ReadBasic.All

  9. In the Authentication tab, click Add a platform

    1. Select Web
    2. Set the URL to https://token.botframework.com/.auth/web/redirect

  10. In Bot Framework Composer, open your Project Settings and toggle the Advanced Settings View

  11. Set the following property to the value from Step 3:

    {
  "oauthConnectionName": "Outlook",
}

Option 2: Using Azure CLI

  1. Get your Microsoft App Object ID (used in later steps):

    az ad app show --id <bot-app-id> --query objectId

  2. Set the Redirect URL on your Microsoft App:

    az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<objectId> --body "{'web': {'redirectUris': ['https://token.botframework.com/.auth/web/redirect']}}"

  3. Add the required Microsoft Graph scopes to your Microsoft App:

    az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<objectId> --body "{ 'requiredResourceAccess': [{'resourceAppId': '00000003-0000-0000-c000-000000000000', 'resourceAccess': [ { 'type': 'Scope', 'id': 'ba47897c-39ec-4d83-8086-ee8256fa737d' }, { 'type': 'Scope', 'id': 'ff74d97f-43af-4b68-9f2a-b77ee6968c5d' },  { 'type': 'Scope', 'id': '1ec239c2-d7c9-4623-a91a-a9775856bb36' }, { 'type': 'Scope', 'id': 'b340eb25-3456-403f-be2f-af7a0d370277' } ]} ]}"

  4. Add your OAuth setting to your Azure Bot Service:

    az bot authsetting create  --name <bot-name> --resource-group <bot-rg> --client-id <bot-app-id> --client-secret <bot-app-secret>  --service "Aadv2" --setting-name "Outlook" --provider-scope-string "Calendars.ReadWrite Contacts.Read People.Read User.ReadBasic.All" --parameters clientId="<bot-app-id>" clientSecret="<bot-app-secret>" tenantId=common

  5. Update your Bot settings with your OAuth Connection name in the Advanced Settings View:

    {
  "oauthConnectionName": "Outlook",
}

4. Configure allowed callers

For each of your bots, follow these steps to register allowed callers:

  1. Open Configure > Skill configuration
  2. Add the App ID(s) that should be allowed to call your bot. For your root bot, this should be the IDs of the skills. For the skill bots, this should be the ID of the root bots.
  3. You should now be able to run and test your bots locally.

Next Steps

After you have completed the preceding steps to run and test locally, you can follow these steps to publish your projects to Azure:

1. Create skill manifests & publish skills

Once your resources are provisioned and your authentication settings have been configured, follow these steps to create a skill manifest and publish each of your skills:

  1. In the Create tab, click the More Options button beside your skill project.
  2. Select Export as skill to launch the manifest creation flow
  3. Fill in the properties, dialogs, and triggers you would like to include. Learn more about skill manifest contents here.
  4. Fill in the allowed callers field with the ID of your root bot
  5. Select the publishing profile to use for your skill endpoints
  6. Finally, click Generate and Publish to publish your skill to your endpoint with the generated manifest.

2. Publish Enterprise Assistant Bot to Azure

To publish your Enterprise Assistant Bot, follow these steps:

  • If you have not already provisioned your bots, follow the Composer instructions here to create your Azure resources and publishing profiles
  • In Configure > Skill configuration > Call skills, update your Skill host endpoint URL to your production bot skills endpoint (i.e. "http://<bot-name>.azurewebsites.net/api/skills")
  • Publish your bots via the Publish tab
Clone this wiki locally