3

I want to develop and publish a bot for Teams, to interface with my SaaS (I already have a Slackbot that I'm porting). I'm creating a Bot Channel Registration as per this guide and came across the choice of whether to auto-generate a new App Id and password, or manually registering one (described here). I already have an Azure AD app for my SaaS that is published to the AppSource marketplace (the integration currently mainly allows logging in with your M365 account and syncing users from AD). Is it possible, and would it make sense to use the same App ID for the bot I'm developing for the same SaaS? Or is it somehow not advisable? And relatedly, can I expand my existing listing on AppSource to also contain the new bot, or should this be a separate listing?

I noticed in the documentation for manual registration of a bot, that it says that bots only work with "Accounts in any organizational directory and personal Microsoft accounts (e.g. Xbox, Outlook.com)" - my existing app only works with organization accounts, not personal accounts (since it's a B2B app) - does that change things?

Dev
Martin Gjaldbaek

2 Answers

2

Perhaps consider the question the other way - is there any good reason TO re-use the app? It's very easy and basically free to create an additional app, and that way you don't run the risk of possibly ending up with settings needed for one scenario that conflict with another scenario's requirements, now or in the future. Here are some other possible considerations though:

  1. New apps require Publisher verification, since 9 Nov 2020. This won't affect you for an internal app, which can be consented to by a global admin.

  2. If you need the user (or admin) consent for some set of privileges (e.g. delegated Graph access), then using the same app might make sense. An example, in a Teams context, might be a bot and a tab that both need to access something from the Graph on the user's behalf. You could get consent in one context, and use it to access the resources from both contexts.

In a nutshell, and especially without a really really good idea of both of your current and planned use cases, it's hard to give a really solid 'yes' or 'no'. My gut says go with a separate app for a separate, unrelated scenario though.

Hilton Giesenow
  • Thanks for the answer. Regarding your point 2. I do require Graph access for my bot to be useful, so it requires a superset of the permissions my existing app is using. OTOH I still want my existing app to be usable without Teams (it's using the "default permissions" admin consent flow and I don't want to mix in bot permissions into that) so it sounds like a separate app ID with a superset of permissions is the way to go. – Martin Gjaldbaek Dec 04 '20 at 13:42
  • Sounds good. As discussed, there's no cost for an additional app, so it's really just about potential inconvenience for a user to consent twice. If that's not even applicable (same user won't be using both apps), then definitely two apps is better – Hilton Giesenow Dec 05 '20 at 15:55
1
  • Reusing the same app ID against any other B2B won't create any problem. That being said, you can't use the above app if you're planning to implement/use Bot Framework with it, as it's registered for organization only.

  • If you plan to create a bot-related app registration then I would suggest you create a new app registration with Organization + personal for your scenario.

  • Please see the documentation and its disclaimer.

In the above document it's pretty clear that if you create any other app registration (other than Organization + personal), then the bot will be unusable.

Dev
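An added example, not part of either answer and not Microsoft's code: a Python check over two app registration manifests that reports whether a registration has the sign-in audience the quoted bot documentation requires, and which permissions the bot would add to the existing app's consent if the two were merged. The manifests are constructed, the permission GUIDs are placeholders, and the helper names `perm`, `permissions` and `review` are hypothetical; the audience rule is taken from the documentation text quoted in the question.

```python
# Audience the manual-registration docs quoted in the question require for a bot:
# "Accounts in any organizational directory and personal Microsoft accounts".
BOT_AUDIENCE = "AzureADandPersonalMicrosoftAccount"
GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource app ID

def perm(n, kind):
    """Build a constructed permission entry (placeholder GUID, not a real Graph ID)."""
    return {"id": f"aaaaaaaa-0000-0000-0000-{n:012d}", "type": kind}

# Constructed manifests for the two registrations discussed in the thread.
EXISTING_APP = {  # org-only SaaS app: sign-in plus user sync (assumed multi-tenant)
    "signInAudience": "AzureADMultipleOrgs",
    "requiredResourceAccess": [
        {"resourceAppId": GRAPH, "resourceAccess": [perm(1, "Scope"), perm(2, "Role")]}],
}
BOT_APP = {  # separate bot registration with a superset of permissions
    "signInAudience": BOT_AUDIENCE,
    "requiredResourceAccess": [
        {"resourceAppId": GRAPH,
         "resourceAccess": [perm(1, "Scope"), perm(2, "Role"), perm(3, "Scope")]}],
}

def permissions(manifest):
    """Flatten requiredResourceAccess into a set of (resource, permission id, type)."""
    return {(res["resourceAppId"], acc["id"], acc["type"])
            for res in manifest.get("requiredResourceAccess", [])
            for acc in res.get("resourceAccess", [])}

def review(existing, bot):
    """Report audience fit and the consent delta between two registrations."""
    existing_perms, bot_perms = permissions(existing), permissions(bot)
    return {
        "bot_audience_ok": bot.get("signInAudience") == BOT_AUDIENCE,
        "bot_is_superset": existing_perms <= bot_perms,
        # What every existing customer would also be asked to consent to
        # if the bot's permissions were merged into the existing app.
        "added_by_bot": sorted(bot_perms - existing_perms),
    }

if __name__ == "__main__":
    print("separate bot app:", review(EXISTING_APP, BOT_APP))
    print("reusing existing:", review(EXISTING_APP, EXISTING_APP))
```

Passing the existing app as both arguments models the reuse case: the audience check fails, which is the conflict the second answer describes.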