Tutorial: Build an Enterprise People Bot

  • [アーティクル]

APPLIES TO: Composer v2.x

Create your project in Composer

The Enterprise People Bot template is included in the Bot Framework Composer by default. Follow these steps to create a project:

  1. Open Bot Framework Composer (version 2.0.0 or later).

  2. On the home page, select Create new.

  3. Select the C# Enterprise People Bot template, and select Next.

  4. Enter your desired Name, Location, and Runtime type.

    For the runtime type, you can choose Azure Web App or Azure Functions. For more information about these service types, see Choose an Azure compute service for your application.

  5. Select Create. Composer takes a few moments to create your bot from the template.

After creating the bot, you'll notice errors. In the next section, you'll enter the credentials to fix them.

Provision Azure resources

The Enterprise People Bot requires Azure resources in order to run locally. Follow these steps to provision the required resources:

  1. Select the Publish button on the left. Then select the Publishing profile tab and select Create new.

  2. Fill out the values to create a publishing profile and provision resources. For more information, see the Publish a bot to Azure article. The following resources are required for local development:

    • Microsoft Application Registration
    • Azure Hosting
    • Azure Bot resource
    • Microsoft Language Understanding Authoring Account

  3. Go to Configure > Development Resources. Then select Set up Language Understanding.

  4. Select Use existing resources and enter the subscription and the resource from the resource group you created earlier.

  5. Select Next and then select Done.

Configure authentication

You must configure an authentication connection on your Azure Bot in order to log in and access Microsoft Graph resources. You can configure these settings either through the Azure portal or via the Azure CLI.

Option 1: Use the Azure portal

  1. Go to the Azure portal.

  2. Open your Azure Bot resource and open its Configuration blade.

  3. Select Add OAuth Connection Settings.

    1. Assign your connection setting a name (save this value for later).

    2. Select Microsoft Entra ID from the Service Provider dropdown.

    3. Fill in the following fields and select Save:

      • Client id: your Microsoft App ID.
      • Client secret: your Microsoft App password.
      • Tenant ID: your Microsoft Entra ID tenant ID, or common to support any tenant.
      • Scopes: Contacts.Read Directory.Read.All People.Read People.Read.All User.ReadBasic.All User.Read.All

  4. On the Configuration blade, next to Microsoft APP ID, select Manage. Azure opens the Certificates + secrets blade for the identity resource for your bot.

  5. In the API permissions blade, select Add a permission.

    Select Microsoft Graph > Delegated Permissions and add the following scopes:

    • Contacts.Read
    • Directory.Read.All
    • People.Read
    • People.Read.All
    • User.ReadBasic.All
    • User.Read.All

  6. In the Authentication blade, select Add a platform

    1. Select Web
    2. Set the URL to https://token.botframework.com/.auth/web/redirect

  7. In Bot Framework Composer, open your Project Settings and toggle the Advanced Settings View

  8. Set the following property to the name you assigned to your connection setting:

    {
  "oauthConnectionName": "<your-connection-setting-name>",
}

Option 2: Use the Azure CLI

  1. Get your Microsoft App Object ID (used in later steps):

    az ad app show --id <bot-app-id> --query objectId

  2. Set the Redirect URL on your Microsoft App:

    az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<objectId> --body "{'web': {'redirectUris': ['https://token.botframework.com/.auth/web/redirect']}}"

  3. Add the required Microsoft Graph scopes to your Microsoft App:

    az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<objectId> --body "{ 'requiredResourceAccess': [{'resourceAppId': '00000003-0000-0000-c000-000000000000','resourceAccess': [{ 'id': 'b89f9189-71a5-4e70-b041-9887f0bc7e4a', 'type': 'Scope' }, { 'id': 'b340eb25-3456-403f-be2f-af7a0d370277', 'type': 'Scope' }, { 'id': 'a154be20-db9c-4678-8ab7-66f6cc099a59', 'type': 'Scope' }, { 'id': '06da0dbc-49e2-44d2-8312-53f166ab848a', 'type': 'Scope' }, { 'id': 'ff74d97f-43af-4b68-9f2a-b77ee6968c5d', 'type': 'Scope' }, { 'id': 'ba47897c-39ec-4d83-8086-ee8256fa737d', 'type': 'Scope' } ]} ]}"

  4. Add your OAuth setting to your Azure Bot Service. The values for bot-name, bot-rg, bot-app-id, and bot-app-secret can be found in your bot's publish profile under Publish > Publishing profile > Edit > Import existing resources > Next.

    az bot authsetting create  --name <bot-name> --resource-group <bot-rg> --client-id <bot-app-id> --client-secret <bot-app-secret>  --service "Aadv2" --setting-name "<your-connection-setting-name>" --provider-scope-string "Contacts.Read Directory.Read.All People.Read People.Read.All User.ReadBasic.All User.Read.All" --parameters clientId="<bot-app-id>" clientSecret="<bot-app-secret>" tenantId=common

  5. Update your Bot settings with your OAuth Connection name in the Advanced Settings View:

    {
  "oauthConnectionName": "<your-connection-setting-name>",
}

Next steps

After you run and test your bot locally, you can publish your bot to Azure.

Publish to Azure

To publish your Enterprise People Bot, follow the steps in the Publish your bot section of the publishing to Azure article.