Technical Articles
SuccessFactors LMS – Microsoft Teams VLS Integration
[UPDATE on 6 Feb 2021: The comprehensive guide with detailed configuration steps in LMS and Microsoft Azure has been posted in KBA#3113230 as Supplementary VLS Configuration for Microsoft Teams. You are advised to check the KBA instead of this blog]
SuccessFactors has recently (2H 2021) released the LMS VLS integration with Microsoft Teams, while the configuration steps are not comprehensive enough especially on Microsoft Azure side.
This blog quickly demonstrates how configuration has been made on both SuccessFactors LMS and Microsoft Azure.
Since there are still limitations/bugs to be solved by SuccessFactors, this blog post may be revised someday.
Ref:
- SAP Help Portal – Implementing Virtual Learning System (VLS)
- SAP KBA – 3113230 – Microsoft Teams – VLS Implementation Supplementary Links
- SuccessFactors Community – Microsoft Teams VLS Configuration – How to Set Up MS Teams in MS Azure Portal
- SuccessFactors Community – MicroSoft Teams VLS Integration
This blog will cover configurations in below order:
- Configuration in Microsoft Azure
- Configuration in SuccessFactors LMS [TBC]
- Walkthrough – Instructor Record VLS Settings [TBC]
- Walkthrough – Scheduling a VLS class [TBC]
- Walkthrough – Instructor starts the class [TBC]
- Walkthrough – Student starts the class [TBC]
- Walkthrough – Process VLS Attendance APM (Not working and pending to be solved) [TBC]
Step 1: Configuration in Microsoft Azure
You may refer to Microsoft Document links in SAP KBA – 3113230 – Microsoft Teams – VLS Implementation Supplementary Links:
- Register your Microsoft Teams app
Configure the Microsoft Teams app to expose a web API[no use in my test case]- Configure a client application to access a web API [only application permission is used in my test case]
- Allow applications to access online meetings on behalf of a user
- Grant per-user application access policy [instead of granting per-user, I have granted the application access policy to global aka all users in the Azure tenant]
- Microsoft Graph permissions reference – Microsoft Graph | Microsoft Docs
3 Configure a client application to access a web API [only application permission is used in my test case]
This step is to grant your newly created Microsoft Teams app to access MS Graph API. Several APIs are used in this integration scope in order to:
- Verify the instructor can access Microsoft Teams
- Manage online meetings eg. create meetings for each class’s time slots, register students
Details please check SAP Help Portal – Implementing Virtual Learning System (VLS).
4 Allow applications to access online meetings on behalf of a user
This step will create an application access policy which defines the application access policy with mapping the newly created Microsoft Teams app.
This application access policy will further be granted to authorized users so that they can use the Microsoft Teams app to call various MS Graph API.
*This step requires MS PowerShell tool, which is generally found in MS Windows OS (Windows 11 is used in this case). Please make sure you have install Microsoft Teams PowerShell module before. (Ref: Install Microsoft Teams PowerShell Module)
Authenticate MicrosoftTeams:
Import-Module MicrosoftTeams
$userCredential = Get-Credential
Connect-MicrosoftTeams -Credential $userCredentialCreate application access policy:
New-CsApplicationAccessPolicy -Identity Teams2SF_2-policy -AppIds “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx” -Description “Teams2SF_2 Access Policy”
the argument after ‘-Identity’ defines the policy ID (freely by you)
the argument after ‘-AppIds’ refers the app ID of newly created MS Teams app in step 1.
the argument after ‘-Description’ defines the policy description (freely by you)
*Use cmdlet ‘Get-CsApplicationAccessPolicy’ to check all existing application access policy for verification
5 Grant per-user application access policy [instead of granting per-user, I have granted the application access policy to global aka all users in the Azure tenant]
You can grant the application access per user so that this user is authorized to call the MS Teams app and then MS Graph API. This user should be referred as Instructors in my guess (as I encountered the application access policy 403 during creating a VLS class when the instructor is not granted.
Grant the application access policy to all users in Azure tenant by ‘-Global’:
Grant-CsApplicationAccessPolicy -PolicyName Teams2SF_2-policy -Global
Step 1 Configuration in Microsoft Azure is done, and stay tuned for remaining steps since this is Lunar New Year holiday in my country~
Thank you. Your article is very useful. Just one question. Class time slots should synchronize with MS Teams calendar?
Yes. I can see they are sync, and everytime you update time slot will also trigger the email notification as well.
We configured everything according to the SAP manual attached, which only indicated two types of permissions (picture below), in LMS side VLS works fine, but calendar is not sync.
In your article indicates five, could you explain what the rest of the permissions should do? I am referring to the following permissions:
User.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
I learnt those 5 permissions from previous version of KBA#3113230 (as well as SuccessFactors Community), and which the KBA has been updated recently that only 2 permissions (as per your reply) are required.
To be honest I can't tell why/where those permissions are used (maybe during creating instructor account, creating VLS class, registering class, processing VLS attendance APM, etc) and we can see SuccessFactors keeps updating the design (eg. I found instructor was treated as the meeting host and other registered users was treated as the meeting attendees and they have to wait for instructor to add into the teams meeting in early testing. But now both instructor and registered users are playing the same role in the teams meeting..)
Hi Carson, thanks for the blog post, it is very helpful.
Would you be able to share the KBA document that states the required permissions? I do not have access to these documents. I have asked our Successfactors admin for the document, but that version (version 6 - released on 18.01.2022) only contains 6 links to very generic Microsoft documentation and says nothing about required permissions.
I need to provide documentation to our Azure AD global admins about the exact permissions required. Not so simple with limited access to documentation and with permissions apparently being a moving target...
You can find the attachment in KBA#3113230 which has stated the permissions in p.6.
Hope this helps.
Carson Wong, It is really useful. The session created out of this integration can be leveraged for social collaboration like content sharing ??
It depends on the MS Teams, but I see even the basic Teams meeting can have share screen/content/recording..so it will be fine.
In my understanding, LMS only calls standards APIs delivered by Microsoft Teams (via Microsoft Graph API) for the integration. There is no LMS-specific functions built in this case.
Hi Carson, thank you for the information, Can you share with me the Configuration in SuccessFactors LMS [TBC] please ? I have not been able to download the template. thanks for your help.
<?xml version="1.0" encoding="UTF-8"?>
<connector>
<description>Microsoft Teams Meeting connector</description>
<! -- The plateau connector class. This should not be modified. It is the implementation class for Teams integration -->
<connector_class>com.successfactors.lms.framework.vle.impl.TeamsConnector</connector_class>
<!-- ======================================= -->
<!-- configuration parameters for Teams -->
<!-- ======================================= -->
<url_api_address>https://graph.microsoft.com</url_api_address>
<api_key>Application (client) ID of tenant from Azure portal</api_key>
<password>Value field from client secret</password>
<tenant_id>Directory (tenant) ID of tenant from Azure portal</tenant_id>
<application_id>Application (client) ID of tenant from Azure portal</application_id>
</connector>
Hi Carson,
thanks for this helpful blog post!
Do you know the difference between <api_key> and <application_id>?
Because the description is the same: Application (client) ID of tenant from Azure portal
Thanks!
You are right that they are exactly storing the same information.
Carson Wong We completed the integration and it works as described by SAP, except the VLS Attendance APM. Is there any update concerning this matter?
We are also not able to record attendance automatically. Did you manage to resolve it?
We learnt the record attendance automatically function has been fixed recently. I have tested and it is working just fine.
For quick reference:
Hope this helps.
This is very interesting! Thank you.
Do you know if something similar could be done with Interview Scheduling in the Recruiting Management module?
Thanks,
Camélia
Hi Camelia,
Are you referring the Interview Scheduling with Outlook feature in Recruiting Management?
I have studied that configuration recently, and seems there is no way to setup the teams 'automatically' when the interview meeting request is created.
Instead, since the feature uses the technical account (not interviewer or interviewee) to create the meeting request as an organiser, you may use that technical account to update the meeting request in Outlook or Teams app, but those updates cannot be captured in Recruiting Management.
(Immature design...long time to go and my team generally not recommend to adopt this feature currently, let's see any enhancement in coming releases)
Thanks,
Carson
Hi Carson,
I see. Thank you for the details.
Best,
Camélia
Hi Carlson,
Thanks for the blog. Really helpful.
I was successfully able to update the VLS Configuration properties & also the VLS Settings for Instructor. However I am currently facing a issue while scheduling / adding a class in Successfactors LMS. I am not able to save the class after selecting the MS Teams as VLS Server & also selecting the Instructor who has added with MS Teams VLS Server with his/her email address.
These users have Microsoft Teams account with the same email address including me.
The Permissions which have been given at the MS Azure End in the Microsoft Graph are as below:
OnlineMeetings.ReadWrite.All
User.Read
User.Read.All
Error i am facing:
Error message = Failed to send VLE Instructor Notification<br>Ticket No = 1016088<br>ErrorFingerprint [exceptionRootCauseTag=96ec49343cb40cd17dfbba76e2e60ce21aebf890, exceptionStackTraceTag=fb052b44dbd562e1df56fd95430d6a67798ea692]<br>Timestamp = 2022-08-18T13:03:12.485+0000
Regards,
VP.
Hi VP,
So far I have not encountered your issue before and thus I went through again the configuration (in both Azure and LMS) in my DC10 testing environment and seems all good. You may check again the settings:
If everything looks good but the problem still exists, I suggest you to raise the ticket to SAP Support.
Hope this helps.
Thanks,
Carson
Hi Carson,
Thanks for the reply.
I've checked the below with MS Azure Team:
SAP says this error is out of support & asked me to check VLE instructor template. The thing is customer do not use notifications currently.
Could you please advise.
Regards,
VP.
Hi Carson,
The issue is resolved now.
Under Mail Settings - The
Also, selected Admin (from Free-Form) in the : field.
Post which we were able to save the class with MS teams as VLS Server.
Thanks for the help.
Regards,
Vinay.
Good to hear that.
Hello Carson
Thanks for sharing this information, is very helpful.
I am wondering if you can tell us how much effort is needed to implement this, in terms of time and resoures that need to be involved. Is testing straight forward?
Thanks again
Estela
Hi Carson,
I trust you are doing good.
I was going through a thread in Successfactors Community forum where they have mentioned the below:
Microsoft Teams changed the attendance API, which requires additional permission to be added to the Azure portal: OnlineMeetingArtifact.Read.All. This permission is needed to get the meeting attendance records.
Please ensure that you add this permission in your Azure before 2H 2022 goes into production; otherwise, the attendance processing will be unsuccessful, which may impact your business.
Community URL - https://community.successfactors.com/t5/Learning-Forum/Announcement-Microsoft-Teams-requires-a-new-permission-to/td-p/296069
Link - https://learn.microsoft.com/en-us/graph/cloud-communications-online-meeting-artifacts
The same is mentioned in the Blog - https://talenteam.com/blog/successfactors-learning-and-microsoft-teams-vls-integration/
Wanted to check if the permission - OnlineMeetingArtifact.Read.All also has to be added?
Please advise.
Regards,
Vinay.
Yes, it is required as per the attachment in SAP KBA#3113230 - Microsoft Teams - VLS Implementation Supplementary Links
Your concern is found in coming 2H2022 release as well.
https://help.sap.com/docs/SAP_SUCCESSFACTORS_RELEASE_INFORMATION/8e0d540f96474717bbf18df51e54e522/9ed67a201b774007905f5354c9a9f146.html?parentHref=%2Fwhats-new%2F8fcf4960eea24f78b1d7613da406a885%3FApplication_Component%3DPerformance%252520%252526%252520Goals%26Version%3D2H%2525202022%26locale%3Den-US&parentName=SAP%20SuccessFactors%20What%27s%20New
Thanks Carson. This helps.
Thanks Ka Shun.
Hi all, can you please vote for this improvement request: https://influence.sap.com/sap/ino/#/idea/291380/?section=sectionDetails (LMS integration to Teams)? The issue is very important to us as we have users with no TEAMS accounts being able to join TEAMS session, but the system doesn't recognize them as being in the class and add the training as INCOMPLETE in their learning history.
Thanks!
I have voted in this request and I am also thinking how system can differentiate who in the attendance list has been absent (so that incomplete status learning history should be recorded) or has been presented as anonymous users in Teams meeting.
Maybe this can only be solved by having a UI for learning admin to cross-check the attendance list in LMS vs attendance record from Teams and then make decision, instead of simply using the APM (just this will be a long journey to make this enhancement live to me.)
Hi Carson,
We were able to implement the Teams integration with LMS easily thanks to your blog, but the issue we are facing now is, we are not able to add external instructors in our system. We are facing the below error. Instructors mail ID is of Yahoo.com . We also tried to add my outlook mail ID still facing the same issue. Any thoughts on how to resolve the error. Please note we have no issue in adding instructors using our company mail ID.
Instructor email will be checked against your company Teams AD (ie. Instructor has no Teams account under your company).
Seems to me you should have external instructors which have valid Teams account under your company.
SuccessFactors has made an update in 2H 2022 release for your reference:
https://help.sap.com/docs/SAP_SUCCESSFACTORS_RELEASE_INFORMATION/8e0d540f96474717bbf18df51e54e522/15d1f53cdf954ecab64c115b30d157b0.html?parentHref=%2Fwhats-new%2F8fcf4960eea24f78b1d7613da406a885%3FApplication_Component%3DLearning%26Version%3D2H%25202022%26locale%3Den-US&parentName=SAP%20SuccessFactors%20What%27s%20New
Hi Carson,
Thanks for your input. We will implement this change and check.
Hi Carson,
Thanks for your blog. We are facing the issue that attendance for primary instructor of VLS class in SF Learning is double the time that the primary instructor actually was attending the class. That's why students get the status not completed when we work with 75 % attendance for class completion. So a student that spends the same time in the class as the primary instructor will just get half the attendance duration of the class and will never achieve the 75 %.
Did you maybe experience the same issue or do you have any suggestions on how to solve this?
Thanks in advance and best regards
Doreen
Hello Doreen
We are having the same problem.
When the percentage is 45% the student attendance get the status completed and when the percentage is 55% the student attendance get the status not completed
We believe that the time considered for the instructor is doubled, so students cannot get the completed status when the percentage is greater than 50%
Were you able to find out anything else about your problem?
Thanks, Best Regards.
Giovanna.
Hello Giovanna,
Thanks for your message.
There is a separate posting in the community regarding that issue: https://groups.community.sap.com/t5/sap-successfactors-learning/vls-teams-integration-doubled-duration-sent-by-teams/td-p/224385
I opened a ticket and SAP support closed the incident saying LMS application is working as expected and the data is being received from Microsoft teams and LMS does not calculate the times, and it is MS Teams' responsibility.
That answer is not really bringing a soluting to the problem. So our way to deal with the error is to use 37,5 minimum percentage of attendance for credit, so that students get completed status, when they actually attended 75 % of instructors recorded time in LMS.
Best regards,
Doreen
There is a setting called VLS Synchronization Frequency under Global Application Settings which controls the frequency of the VLS Synchronization process. But not finding any documentation on exactly what this process does nor what data is synced. Any insights into this process would be very much appreciated..
Was told by SF support that the VLS Synchronization Frequency is obsolete and will be removed from the UI in a future update.
Hello Carson Wong,
I would like to start by praising the article you have here. Congratz.
We have recently enabled the LMS VLS integration with Microsoft Teams.
However, when checking the Certificate of Completion for VLS session we noticed the <INSTRUCTOR_NAME> tag is unfortunately bringing Instructor's "Instructor Name" preceded by Instructor's "Instructor ID", and that should not happen.
If the session is not a VLS one, <INSTRUCTOR_NAME> tag only comes with Instructor's "Instructor Name" as desired.
E.g. Assuming my Instructor ID is "jpinto" and my Instructor Name is "Pinto, Joao":
- in a VLS session certificate it is coming: jpinto - Pinto, Joao
- while in a non-VLS session certificate it is coming simply: Pinto, Joao
We were not able to find any documentation mentioning this different behaviour of the tag, so we would like to check with you if there is any setting in LMS that we can change to fix this unexpected behaviour we are facing when generating Certificates, or if you aware of this limitation.
Thank you in advance.
Best regards,
Once the class and corresponding Teams meeting is created I logged into Teams and am not seeing the meeting that was created in the Teams calendar. Am assuming that the organizer for the Teams meeting is the primary instructor associated with the class in SuccessFactors. Any idea why the meeting is not appearing in the Teams calendar? Any help would be appreciated.