Configuring Microsoft Teams Meetings
Before Vault CRM admins configure this functionality, Microsoft Global Administrators must grant tenant wide consent to the Vault CRM App in the Azure tenant from the Vault CRM-hosted webpage.
This allows the app to do the following:
- Create, read, update and delete events in all calendars the user has permission to access. This includes delegate and shared calendars. Required for Integrating My Schedule and Microsoft Outlook Calendars.
- Read users’ primary email addresses
- Read and create online meetings on behalf of the signed-in user. Required for Configuring Microsoft Teams Meetings.
- Read online meeting artifacts on behalf of the signed-in user. Required for Configuring Microsoft Teams Meetings.
- Send Channel Messages on behalf of the signed-in user. Required for Microsoft Teams Channels for Service Center.
- Create and read Teams members. Required for Microsoft Teams Channels for Service Center.
- Create groups and read all group properties and memberships on behalf of the signed-in user. Required for Microsoft Teams Channels for Service Center and Microsoft OneNote for Service Center.
- Read, share, and modify OneNote notebooks the signed-in user has access to in the organization. Required for Microsoft OneNote for Service Center.
- Create, read, update, and delete mail a user has permission to access, including their own and shared mail
- See and update the data you gave it access to, even when users are not currently using the app
- See basic user profile information when the user signs in with their work or another account
- Read the full set of profile properties, reports, and managers of other users in the organization, on behalf of the signed-in user
Ensure the Vault CRM Graph API integration is granted the following permissions:
- User.Read
- Calendars.ReadWrite
- Calendars.ReadWrite.Shared
- ChannelMessage.Send
- OnlineMeetingArtifact.Read.All
- OnlineMeetings.ReadWrite
- Group.ReadWrite.All
- Notes.ReadWrite.All
- Mail.ReadWrite.Shared
- TeamMember.ReadWrite.All
- offline_access
- openid
- profile
Multiple Vault CRM Vaults can connect to the same Microsoft tenant.
Granting tenant wide consent enables Vault CRM to request information through the Microsoft Graph API, but it does not provide access to Microsoft Office 365 information. The Vault CRM Microsoft Integration uses Microsoft's best practices for authorization (authZ), authentication (OpenId Connect over OAuth 2), data in transit (HTTPS and TLS 1.2+ encryption) and data at rest. Only Microsoft has access to user credentials.
For more control over the integration from the Microsoft side, admins can assign the application to specific users or groups of users, instead of granting access to all users. For more information on assigning applications to Microsoft groups, see Microsoft's Manage users and groups assignment documentation.
Configuring the Microsoft Teams Integration in Vault CRM for
Business Admins
To configure MS Teams for business admins:
- Navigate to Admin > Users & Groups > Permission Sets.
- Select the permission set for the appropriate user profile.
- Select the Objects tab.
- Grant the following permissions:
Object
Object Permission
Object Types
Fields
Field Permission
engage_link_settings__v
CRE
n/a
- company_logo__v
- engage_link_apps__v
Edit
remote_meeting_attendee__v
R
call__v
All fields
Read
remote_meeting__v
R
ms_teams_call_meeting__v
- meeting_id__v
- meeting_name__v
- meeting_password__v
- mobile_id__v
- ms_teams_meeting_external_id__v
- ms_teams_meeting_link__v
- scheduled__v
- scheduled_datetime__v
- vexternal_id__v
Read
sent_message__v
R
remote_meeting_invite_link__v
- call_vod
- capture_datetime__v
- engage_link__v
- mobile_id__v
- sent_from_platform__v
- sent_via__v
- transaction_type__v
- user__v
Read
user__sys
RE
n/a
- enable_ms_teams__v
Edit
user_detail__v
R
n/a
remote_meeting_name__v (optional; edit this field to change the default Meeting Topic text for remote meetings)
Read
End Users
Admins can use the Engage End User permission set to easily configure MS Teams for end users.
To configure MS Teams for meeting hosts (end users):
- Ensure Configuring Call Reporting is complete and Engage licenses are provisioned for the appropriate Vaults.
- Navigate to Admin > Users & Groups > Permission Sets.
- Select the permission set for the appropriate user profile.
- Select the Admin tab.
- Grant Manage User Object permission in the Users table in the Security section.
- Select the Objects tab.
- Grant the following permissions:
Object
Object Permission
Object Types
Fields
Field Permission
call2__v
CRE
All applicable object types
- modified_date__v
- ownerid__v
Read - call_datetime__v
- duration__v
- ms_teams_remote_meeting__v
- remote_meeting_type__v
Edit
engage_link_settings__v R
n/a - modified_date__v
- setupownerid__v
Read remote_meeting__v
CRE
ms_teams_call_meeting__v
- modified_date__v
- ownerid__v
Read - latest_meeting_start_datetime__v
- meeting_id__v
- meeting_password__v
- meeting_name__v
- mobile_id__v
- ms_teams_meeting_external_id__v
- ms_teams_meeting_link__v
- scheduled__v
- scheduled_datetime__v
- vexternal_id__v
Edit
sent_message__v
CRE
remote_meeting_invite_link__v
- modified_date__v
- ownerid__v
Read - call__v
- capture_datetime__v
- engage_link__v
- mobile_id__v
- sent_from_platform__v
- sent_via__v
- transaction_type__v
- user__v
Edit
user__sys
n/a n/a
enable_ms_teams__v Read
user_detail__v
CRE n/a
- modified_date__v
- ownerid__v
Read remote_meeting_name__v (optional; edit this field to change the default Meeting Topic text for remote meetings)
Edit
- Grant View permission to the General Call (general_call_section__v) object control on the call2__v object.
- Navigate to Admin > Configuration > Objects > Call > Layouts.
- Place the General Call section on the call2__v object layout used for Microsoft Teams meetings.
- Select the Enable Remote Meeting section attribute for the General Call section to display the Microsoft Teams meeting user interface.
- Add the meeting_name__v field to the ms_teams_call_meeting__v layout on the remote_meeting__v object and set the meeting_name__v field to read-only (optional; this prevents users from editing the Meeting Name in the meeting information modal on the call report).
- Enable the ms_teams_join_url__v picklist value for the transaction_type__v field for the remote_meeting_invite_link__v object type on the sent_message__v object.
- Navigate to Business Admin > Objects > Engage Link Settings.
- Populate the engage_link_apps__v Engage Link Setting with the ENGAGE_LINK_APPS;;EngageLink Veeva Message.
- Navigate to Business Admin > Objects > Veeva Messages.
- Select the ENGAGE_LINK_APPS Veeva Message record.
- Populate the Text field with a list of sharing options available for end users using the format App1;;App2. The sharing options display in the order defined in this field. Available values are:
- Messages
- LINE
- LINEWORKS
- CopyURL (includes QR Code®)
- Select the checkbox for the enable_ms_teams__v field on the user__sys record for each user who should have access to this functionality.
- Ensure the following VMOCs are enabled for the appropriate platforms:
- call2__v
- engage_link_settings__v
- message__v, with the following where clause:
- CRM Desktop (Windows) platform - WHERE language__vr.admin_key_sys CONTAINS (@@USER_LANGUAGE_CODE@@,'en') AND category__v CONTAINS ('RemoteMeeting', 'iPad', 'CONTENT', 'CLM'; 'Common', 'EngageLink', 'engage__v')
- Other platforms - WHERE language__vr.admin_key_sys CONTAINS (@@USER_LANGUAGE_CODE@@,'en') AND category__v CONTAINS ('RemoteMeeting', 'iPad', 'CONTENT', 'CLM'; 'Common', 'EngageLink'))
- remote_meeting__v
- sent_message__v
- user_detail__v (optional; to change the default Meeting Topic text for remote meetings)
Configuring User Attendees
To configure MS teams for user attendees:
- Navigate to Admin > Users & Groups > Permission Sets.
- Select the permission set for the appropriate user profile.
- Select the Objects tab.
- Grant at least the following permissions:
Object
Object Permission
Object Types
Fields
Field Permission
call2__v
n/a
n/a
- call_datetime__v
- ms_teams_remote_meeting__v
- remote_meeting_type__v
Read
remote_meeting__v
R
ms_teams_call_meeting__v
ms_teams_meeting_link__v
Read
- Navigate to Admin > Configuration > Objects > Call > Layouts.
- Select the Enable Remote Meeting section attribute for the General Call section on the call2__v object layouts to display the Microsoft Teams meeting user interface.
- Navigate to Business Admin > Objects > VMobile Object Configurations.
- Ensure the following VMOCs are enabled for the appropriate platforms:
- call2__v
- remote_meeting__v
- user_detail__v (optional; to change the default Meeting Topic text for remote meetings)
Ensure user attendees have visibility to call reports where they are added, and that they are able to sync calls.
Testing the Microsoft Teams Integration as
Business Admin Users
For Sandbox testing, connect the Sandbox Vault with a test Microsoft Teams account. Within a Vault, each Microsoft Teams account can only be connected to one user, and vice versa. The same Microsoft Teams account cannot be used for multiple users.
Using multiple Microsoft accounts for the same user is not supported. This means once a user is authenticated with one Microsoft account, the same user cannot be re-authenticated with a different Microsoft account. To re-authenticate the user with a different Microsoft account, admins must contact Veeva.
If authentication errors occur, check your organization’s IT logs and policies, and contact Veeva.
