Using PingOne DaVinci’s Microsoft Teams Connector for Zero Trust Access Approval

As technology changes, organizations are caught between joining in or getting left behind. One rapidly growing area is managing the interactions of new users (both employees and customers) securely and interactively. This can be achieved through well-defined identity and access management (IAM) to ensure a secure, smooth, and frictionless digital experience. 

PingOne DaVinci is an identity orchestration platform that makes it easy to integrate different services through its no-code identity orchestration. Believing “if you can whiteboard it, you can orchestrate it,” PingOne DaVinci allows teams to create different workflows and manage vendor integration through drag-and-drop visuals. This eliminates the complex nature of custom coding and reduces the development limitations of the organization.

With PingOne DaVinci, you can design and create different secure automated identity use cases, such as authentication and fraud detection, across all user interactions with your application. The availability of DaVinci connectors allows users to perform various services and third-party integrations more easily.

This article will cover the capabilities of PingOne DaVinci’s Microsoft Teams connector for zero-trust access approval workflows.

PingOne DaVinci offers a Microsoft Teams connector that allows enterprises to have different types of Microsoft Teams or Slack capabilities within the DaVinci environment. This connector enables team leads to perform zero-trust access approvals for members on various teams and channels as well as send messages in chats and channels.

Zero trust access approvals are where each access request is evaluated based on a case-by-case metric. These requests are then approved or denied based on the metrics set using the principle of least privilege (PoLP). PingOne DaVinci also offers similar workflows with its Slack connector for user authentications.

Maintaining a zero trust security system can also mean handling many access requests. Access to specific systems or resources must be granted regularly, often creating tickets or sending emails. With the DaVinci Microsoft Teams connector, you can create a workflow that sends an automated message via Microsoft Teams with an access request to the appropriate administrator, who can then deny or grant the request with a few clicks.

Using PingOne DaVinci coupled with the ability of PingOne Authorize to simplify the process of providing approvals for access requests, organizational teams can achieve this workflow. But how?

First, you must have a Microsoft Teams account and administrative access to Microsoft Azure. Set up Microsoft Teams with the following steps:

1. Select the Microsoft account or organizational directory you want to use.

    

2. Select the platform type for your web or single-page application. These platform types typically require users to include a redirect URI and input the redirect URL of your DaVinci environment.

    

3. Note your application client and tenant IDs and create a client secret. Users need to take note of the client's secret value as it’s required to configure the connector.

    

4. Provide the connector with adequate permission to manage your messages.

Check out how to register an application with the Microsoft identity platform in this guide.

To achieve the Microsoft Teams connector configuration, you’ll need the DaVinci redirect URL, application redirect URL, client ID, client secret, and tenant ID. When it’s all set, you can proceed to use the connector in your workflow. 

The next section covers the several capabilities of the Microsoft Teams DaVinci connector. After adding the capability to send an automated message, you can populate the attributes with the relevant visual help provided by the DaVinci environment. 

You can choose and import the relevant workflow template from the Integration Directory. To simplify the process of providing zero trust access request approvals, you need to use PingOne Authorize. PingOne Authorize mainly helps teams centrally manage authorization requirements that vary from simple rules to more fine-grained policies. The dynamic authorization capability of the PingOne Authorize connector makes it easy for administrators to exercise the required requests in the workflow.

Once everything is set, you need to save, deploy, and test your Microsoft Teams workflow.

The primary function of the Microsoft Teams connector is to make it easy to manage user memberships and send messages in Microsoft Teams from your workflows. Other capabilities include adding, removing, and listing members in Teams and channels, sending messages in channels and chats, and making custom API calls to Microsoft Azure. Users can also define and use their own call to the Microsoft Teams REST API. Users can belong to three distinct groups:

• AD User Group — Microsoft 365 Groups is the cross-application membership service in Microsoft 365. At a basic level, a Microsoft 365 Group is an object in the Azure Active Directory with a list of members.

   

• A Team — A team in Microsoft Teams is a collection of channel objects. When you create a team, a Microsoft 365 group is generated to manage team members.

   

• A Channel — A channel represents a topic and therefore the logical isolation of discussion within a team.

DaVinci’s no-code environment makes it easy to perform different integrations, eliminating vendor lock-in and promoting best-of-breed practice. The Microsoft Teams connector and different nodes are developed via a drag-and-drop interface, making it possible to design, test, and deploy identity workflows in a short period. This removes conventional development constraints, such as operational costs and long development sprints. 

To best illustrate this, let’s look at some PingOne use cases that emphasize how connectors can help leverage the use of zero trust access approvals. 

Registration of Users

The Microsoft Teams connector makes it easy to manage each user’s membership and simplifies the addition of members to each group. The zero trust environment ensures continuous authentication and authorization of each user in each team and channel at each given time, and it ensures that no bad actors are allowed in either of the groups. 

Access Management

Administrators will have an easy time managing different users and revoking or granting request access with a few clicks. The connector allows the experience of administrative users to be more frictionless. 

Account Recovery

A member of a specific group can be accidentally removed or—due to the uncompromising nature of a zero trust environment—locked out for a security-related reason. PingOne identity orchestration simplifies the process of unlocking different member accounts and restoring memberships. 

Overall, PingOne DaVinci helps organizations build frictionless experiences for their users by making registration and access less grueling but more personalized. This helps create a good impression on new users and invites them to use your site more frequently. Additionally, progressively profiling users by asking them for information relevant to each phase they’re in is less overwhelming than overburdening them during registration.

The online tech market is becoming increasingly cultured. While this creates diverse business opportunities for organizations, different challenges also emerge. PingOne DaVinci is one of the solutions to the growing identity orchestration pain points across organizations. 

It’s painless to design seamless user experience workflow visuals for different use cases with no-code orchestration. This eliminates the traditional development restrictions, accelerating processes of design, testing, and deployment. Users can also complement the connectors with PingOne Authorize to provide zero-trust authentication. 

Reach out to the Ping Identity team to learn more about starting your identity orchestration journey with PingOne DaVinci.