# Create a Microsoft Teams Enterprise Workbot

FEATURE AVAILABILITY

The Enterprise Workbot feature is available to direct customers on specific pricing plans, but isn’t available to Embedded partners or their customers. Refer to your pricing plan and contract to learn more.

DEPRECATION NOTICE

This page uses the Microsoft Teams Developer Portal (opens new window) to create and manage an app. As of January 1, 2022, Microsoft has deprecated App Studio.

The approach outlined on this page is the new, recommended method, but the App Studio instructions have been retained for reference.

VIRTUAL PRIVATE WORKATO (VPW) CUSTOMERS

This feature requires configuration steps that are specific to your Virtual Private Workato (VPW) instance. If you are a VPW customer, refer to your VPW private documentation for the configuration details for your instances.

Enterprise Workbots (opens new window) are Microsoft Teams apps you create that can leverage the Workato bot platform under the hood. You can fully customize your bot's identity, such as:

Branding (bot name, bot logos, accent color)
Custom OAuth profile (bot ID, App secret)
Permissions

These Microsoft Teams apps can be sideloaded into your Microsoft Teams groups or channels for use by your members. If you want control over your bot's branding and permissions or multiple purpose-specific bots, Enterprise Workbots are for you.

# Prerequisites

To set up an Enterprise Bot, you must have the following:

In Workato:
- Access to:
  - Workbot: If you don’t see the Platform > Workbot option in your account, contact your Customer Success Manager.
  - Custom OAuth profiles: If you don’t see the Tools > Custom OAuth Profiles option in your account, contact your Customer Success Manager.
- Privileges that allow you to:
  - Create and configure Workbots.
  - Create and configure custom OAuth profiles.
In your Microsoft organization:
- One of the following roles:
  - Application administrator
  - Cloud application administrator
  - Global administrator
  - Privileged role administrator

DELEGATED PERMISSIONS AND APPLICATION PERMISSIONS

You can set up an Enterprise Workbot to use either Delegated or Application permissions (opens new window).

Delegated permissions, set as the default option, use the OAuth user's permissions to establish the connection in Workato. The user configuring the connection must have one of the required roles.

Application permissions offer enhanced security compared to Delegated permissions. This method keeps the connection independent of the user, preventing disconnection if the user logs out and allowing a non-administrator to set up the connection.

Refer to the Set up Application permissions (optional) step for more information.

Check your role assignments in Microsoft (opens new window) by going to Users > You (select your name) > Assigned roles.

# Create the Workbot in Workato

Complete the following steps to create the Workbot in Workato:

Go to Platform > Workbot.

Click the Custom bots tab. If you don't see this tab, ensure your workspace has access to Custom OAuth profiles.

Click Create a custom bot to open the New bot page.

Select Workbot for Microsoft Teams from the Application drop-down menu.

Enter a unique name for the bot in the Name field. The name may include spaces but cannot contain special characters.

Click Create new app. This opens the Microsoft Teams Developer Portal (opens new window) in a new tab and reveals the Bot endpoint address for future configuration.

Keep both the Workato tab and the Microsoft Teams Developer Portal tab open to complete the remaining steps.

# Create a Microsoft Teams app

Create the bot in Microsoft Teams Developer Portal
Create the app
Configure the bot's permissions
Configure authentication redirect URLs
Add a client secret

# Create the bot in the Microsoft Teams Developer Portal

Complete the following steps to create the bot in the Microsoft Teams Developer Portal:

Go to Tools > Bot Management (opens new window).

Click + New Bot.

Enter a name for the bot in the Bot name field. For consistency, use the same name as your Workato bot.

Click Add to add your bot to the Developer Portal.

Go to the Workato tab and copy the Bot endpoint address. It should resemble the following example:

https://app.workato.com/skype_webhooks/event?coak_id=42

Return to the Developer Portal tab and paste the copied value in the Bot endpoint address field.

Click Save.

Copy the Bot ID from the Developer Portal page URL. It should resemble the following example:

https://dev.teams.microsoft.com/bots/<YOUR-BOT-ID>/configure

Store the Bot ID securely for later use.

# Create the app

Complete the following steps to create the app in the Microsoft Teams Developer Portal:

Go to Apps (opens new window) and click + New app.

Enter a name for your app in the Name field.

Click Add to create your app.

Select the app you just created and go to Configure > Basic information.

Fill in the following required fields:

Short description: Enter a high-level description of your app in 80 characters or less.
Long description: Enter a detailed description of your app in 4,000 characters or less.
Developer or company name: Enter the name of the developer or company associated with the app.
Website: Enter a valid HTTPS URL.
Privacy policy: Provide a link to your privacy policy.
Terms of use: Provide a link to your terms of use.

Copy the Bot ID from the Create the bot in the Microsoft Teams Developer Portal step and paste it in the Application (client) ID field.

Click Save.

Optional. Go to Configure > Branding to set up bot branding.

Go to Configure > Domains.

Click Create your first domain to open the Add domain dialog.

Enter *.workato.com.

Click Add.

# Configure the bot's permissions

Complete the following steps to configure the bot's permissions in the Microsoft Teams Developer Portal:

Go to Configure > App features and click Bot.

Select your newly created bot from the Select an existing bot drop-down menu.

Select Upload and download files in the What can your bot do? field.

Select Personal, Team, and Group Chat in the Select the scopes where people can use your bot field.

Click Save.

Click Add a command.

Fill in the following fields:

Command: Enter help.
Description (help text): Enter Type 'help' to view available commands.
Select the scopes where people can use this command: Select Personal, Team, and Group Chat.

Click Add.

Click Save.

# Configure authentication redirect URLs

Complete the following steps to configure authentication redirect URLs in your Microsoft Azure portal:

Go to App registrations

Click your bot on the page that displays.

Go to Manage > Authentication.

In Supported account types, make sure that Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) is selected.

Click +Add a platform in Platform configurations and select Web.

Enter the redirect URI, depending on your data center:

US Data Center: https://www.workato.com/oauth/callback
EU Data Center: https://app.eu.workato.com/oauth/callback
JP Data Center: https://app.jp.workato.com/oauth/callback
SG Data Center: https://app.sg.workato.com/oauth/callback
AU Data Center: https://app.au.workato.com/oauth/callback

Click Configure to save your changes.

# Add a client secret

Complete the following steps to add a client secret to your bot in the Microsoft Azure portal:

CLIENT SECRETS

Client secrets expire periodically, typically every year, and require renewal. This applies to both Embedded and Direct use cases. For Embedded scenarios, only the Embedded partner needs to refresh the token used in the shared custom OAuth profile; end customers don't need to take any action. You can check your access token's expiration date at portal.azure.com (opens new window).

Go to Manage > Certificates & secrets > Client secrets.

Select + New client secret.

Enter a description for the client secret in the Description field.

Set an expiration date using the Expires drop-down menu.

Click Add to add the client secret to your app.

Click Copy to clipboard next to the secret in the Value column. Client secret values cannot be viewed again after they are created. Ensure that you save the secret securely before leaving the page.

# Configure Workato to talk to the app

Complete the following steps in Workato to complete the custom OAuth profile setup:

Go back to the Workato page from the Create the Workbot in Workato step.

Go to the Step 3 section and fill in the following fields:

Client ID - your bot ID: Enter the Bot ID from the Create the bot in the Microsoft Teams Developer Portal step. Also located in Tools > Bot management > Your bot.
Client secret: Enter the client secret from the Add a client secret step.
Application ID: Provide the app ID. You can find this value in the Developer Portal by going to Apps, selecting your app, and clicking Basic information.

Click Save.

# Publish to your org

Complete the following steps to publish your app to your organization:

Go to the Microsoft Teams Developer Portal tab.

Go to Publish > Publish to org.

Click Publish your app to submit a publish request to your Microsoft Teams admin.

Ask your Microsoft Teams admin to approve the publish request to complete the process.

# Add the bot to Microsoft Teams

Complete the following steps to add the bot to your Microsoft Teams instance:

Go to a Microsoft Teams channel and open a one-on-one chat or a group chat.

Type @ in the text box and select Get bots.

Locate and select your bot.

Click Post to add the bot to your Microsoft Teams channel.

CONFIGURE THE ENTERPRISE WORKBOT FOR EMBEDDED CUSTOMERS

For Embedded partners, additional steps are required to enable Enterprise Workbots for your end customers. Refer to Configure a Microsoft Teams Enterprise Workbot for Embedded users for more information.

# Set up Application permissions (optional)

To configure the Workbot app with Application permissions instead of Delegated permissions, follow this additional step to configure them in Microsoft Teams.

Last updated: 4/5/2025, 7:32:10 PM