Skip to main content

Customer Tenant Deployment Steps

In this model, Altoura deploys the Remote Expert backend and Teams web app into your Azure tenant. You still configure the multitenant app in App registrations.

Step 1: Create the Multitenant App Registration

  1. Open Entra admin center -> Identity -> Applications -> App registrations.
  2. Click New registration.
  3. Set:
    • Name: Altoura Remote Expert (or your naming standard)
    • Supported account types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
  4. Click Register.
  5. Save:
    • Application (client) ID
    • Directory (tenant) ID

Step 2: Configure Authentication Callback

  1. Open app registration -> Authentication.
  2. Add the callback/redirect URI provided by Altoura for your customer-tenant deployment URL.
  3. Save changes.

Step 3: Configure Expose an API

This is what enables Teams SSO to request a token for your app’s API. If it is missing, Teams sign-in fails with an error that Azure AD “can’t find the resource.” Set the Application ID URI
  1. Open app registration -> Expose an API.
  2. Next to Application ID URI, click Set and use the pattern:
api://<your-custom-app-host>/<application-client-id>
Replace <your-custom-app-host> with your deployed Azure Web App host and <application-client-id> with the Application (client) ID from Step 1 (Altoura confirms the exact value for your deployment). Add a scope
  1. Click Add a scope and set:
    • Scope name: access_as_user
    • Who can consent: Admins and users
    • Admin consent display name: Access as user
    • Admin consent description: Allow the Teams app to access this API on behalf of the signed-in user
    • State: Enabled
  2. Click Add scope.
Add the Teams client applications
  1. Click Add a client application and pre-authorize each Microsoft Teams client (add both), checking the access_as_user scope for each:
    • 1fec8e78-bce4-4aaf-ab1b-5451cc387264 (Teams desktop / mobile)
    • 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 (Teams web)
These Teams client IDs are fixed Microsoft values, so this step does not depend on the Teams app package. You add one more client application here — the Teams app’s own Object ID — after the app is uploaded (Step 10).

Step 4: Add Microsoft Graph API Permissions

  1. Open app registration -> API permissions -> Add a permission -> Microsoft Graph -> Delegated permissions.
  2. Add:
    • OnlineMeetings.ReadWrite
    • Chat.ReadWrite
    • Contacts.Read
    • User.Read.All
    • User.Read
    • offline_access
Add the permissions now. You grant admin consent at the end of setup (Step 10), after the Teams app is uploaded and its Object ID is added.

Step 5: Deploy an Azure Communication Services (ACS) Resource

  1. Create/deploy an ACS resource in your Azure subscription.
  2. From ACS Keys, copy:
    • ACS Connection string
    • ACS Endpoint

Step 6: Provide Details to Altoura

Share these values securely. Altoura uses them to generate your tenant-specific Teams app package:
ValueWhere to Find
Application (client) IDApp registration -> Overview
Directory (tenant) IDApp registration -> Overview
Deployed app host URLYour custom Azure Web App URL for the tenant deployment
Redirect URI(s) configuredApp registration -> Authentication
Application ID URI / scope detailsApp registration -> Expose an API
ACS Connection stringACS resource -> Keys
ACS EndpointACS resource -> Keys

Step 7: Network Configuration (Customer URL)

Whitelist the custom Azure Web App URL deployed in your tenant by Altoura.
URLProtocolPurpose
<your-custom-app-host>HTTPS (443)Customer-hosted Teams app and backend endpoints
Altoura will provide the exact URL for your environment.

Step 8: Teams App Package (Generated by Altoura)

Using the details you shared in Step 6, Altoura generates a tenant-specific Teams app package (.zip) preconfigured for your customer-hosted environment. You do not author or edit the manifest yourself. For reference, Altoura maps these manifest values from your app registration:
  • webApplicationInfo.id = Application (client) ID
  • webApplicationInfo.resource = Application ID URI from Expose an API
  • Hosted URLs / validDomains = your custom Azure Web App URL

Step 9: Upload the Teams App Package

  1. Open Teams Admin Center -> Teams apps -> Manage apps.
  2. Upload the tenant-specific .zip package provided by Altoura.
  3. Confirm app status is Allowed.
  4. Configure Setup policies to pre-install/pin the app in Meeting Extensions.
The provided package is preconfigured for your customer-hosted app URL. Now that the Teams app is uploaded, finish the app registration and grant consent.
  1. In Teams Admin Center -> Teams apps -> Manage apps, open the Altoura Remote Expert app and copy its Object ID.
  2. Go to Entra admin center -> App registrations -> your multitenant app -> Expose an API -> Authorized client applications.
  3. Click Add a client application, add the Teams app Object ID, check the access_as_user scope, and save. (This is in addition to the two Microsoft Teams client IDs added in Step 3.)
  4. Go to API permissions and click Grant admin consent.
  5. Verify all required permissions show Granted.