SuccessFactors LMS – Microsoft Teams VLS Integration
[UPDATE on 6 Feb 2021: The comprehensive guide with detailed configuration steps in LMS and Microsoft Azure has been posted in KBA#3113230 as Supplementary VLS Configuration for Microsoft Teams. You are advised to check the KBA instead of this blog]
SuccessFactors has recently (2H 2021) released the LMS VLS integration with Microsoft Teams, while the configuration steps are not comprehensive enough especially on Microsoft Azure side.
This blog quickly demonstrates how configuration has been made on both SuccessFactors LMS and Microsoft Azure.
Since there are still limitations/bugs to be solved by SuccessFactors, this blog post may be revised someday.
- SAP Help Portal – Implementing Virtual Learning System (VLS)
- SAP KBA – 3113230 – Microsoft Teams – VLS Implementation Supplementary Links
- SuccessFactors Community – Microsoft Teams VLS Configuration – How to Set Up MS Teams in MS Azure Portal
- SuccessFactors Community – MicroSoft Teams VLS Integration
This blog will cover configurations in below order:
- Configuration in Microsoft Azure
- Configuration in SuccessFactors LMS [TBC]
- Walkthrough – Instructor Record VLS Settings [TBC]
- Walkthrough – Scheduling a VLS class [TBC]
- Walkthrough – Instructor starts the class [TBC]
- Walkthrough – Student starts the class [TBC]
- Walkthrough – Process VLS Attendance APM (Not working and pending to be solved) [TBC]
Step 1: Configuration in Microsoft Azure
You may refer to Microsoft Document links in SAP KBA – 3113230 – Microsoft Teams – VLS Implementation Supplementary Links:
- Register your Microsoft Teams app
Configure the Microsoft Teams app to expose a web API[no use in my test case]
- Configure a client application to access a web API [only application permission is used in my test case]
- Allow applications to access online meetings on behalf of a user
- Grant per-user application access policy [instead of granting per-user, I have granted the application access policy to global aka all users in the Azure tenant]
- Microsoft Graph permissions reference – Microsoft Graph | Microsoft Docs
3 Configure a client application to access a web API [only application permission is used in my test case]
This step is to grant your newly created Microsoft Teams app to access MS Graph API. Several APIs are used in this integration scope in order to:
- Verify the instructor can access Microsoft Teams
- Manage online meetings eg. create meetings for each class’s time slots, register students
Details please check SAP Help Portal – Implementing Virtual Learning System (VLS).
4 Allow applications to access online meetings on behalf of a user
This step will create an application access policy which defines the application access policy with mapping the newly created Microsoft Teams app.
This application access policy will further be granted to authorized users so that they can use the Microsoft Teams app to call various MS Graph API.
*This step requires MS PowerShell tool, which is generally found in MS Windows OS (Windows 11 is used in this case). Please make sure you have install Microsoft Teams PowerShell module before. (Ref: Install Microsoft Teams PowerShell Module)
Import-Module MicrosoftTeams $userCredential = Get-Credential Connect-MicrosoftTeams -Credential $userCredential
Create application access policy:
New-CsApplicationAccessPolicy -Identity Teams2SF_2-policy -AppIds “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx” -Description “Teams2SF_2 Access Policy”
the argument after ‘-Identity’ defines the policy ID (freely by you)
the argument after ‘-AppIds’ refers the app ID of newly created MS Teams app in step 1.
the argument after ‘-Description’ defines the policy description (freely by you)
*Use cmdlet ‘Get-CsApplicationAccessPolicy’ to check all existing application access policy for verification
5 Grant per-user application access policy [instead of granting per-user, I have granted the application access policy to global aka all users in the Azure tenant]
You can grant the application access per user so that this user is authorized to call the MS Teams app and then MS Graph API. This user should be referred as Instructors in my guess (as I encountered the application access policy 403 during creating a VLS class when the instructor is not granted.
Grant the application access policy to all users in Azure tenant by ‘-Global’:
Grant-CsApplicationAccessPolicy -PolicyName Teams2SF_2-policy -Global
Step 1 Configuration in Microsoft Azure is done, and stay tuned for remaining steps since this is Lunar New Year holiday in my country~