Guia: Azure Bot Service, App Registration, SSO e Teams App Manifest

Ambiente: Staging (homologação) Pré-requisitos: Azure CLI instalado e autenticado (az login), acesso de Application Administrator e ao Teams Admin Center do tenant piloto.

1. Criar App Registration (Azure AD)

Via Portal Azure

1. portal.azure.com → Azure Active Directory → App registrations → New registration
2. Preencha:
   • Name: bi-agent-staging
   • Supported account types: Accounts in this organizational directory only
   • Redirect URI: deixar em branco por ora
3. Copie e guarde:
   • Application (client) ID → BOT_APP_ID
   • Directory (tenant) ID

Criar Client Secret

1. Certificates & secrets → New client secret
2. Descrição: bi-agent-staging-secret, expiração: 12 ou 24 meses
3. Copie o valor imediatamente → BOT_APP_PASSWORD

Configurar API permissions (SSO)

1. API permissions → Add a permission → Microsoft Graph → Delegated
2. Adicionar: User.Read, openid, profile, email
3. Grant admin consent (requer Global Admin)

2. Criar Azure Bot Service

1. portal.azure.com → Create a resource → Azure Bot → Create
2. Preencha:
   • Bot handle: bi-agent-staging
   • Pricing tier: F0 (staging gratuito), S1 (produção)
   • Type of App: Use existing app registration
   • App ID: Application (client) ID do passo 1

Configurar Messaging Endpoint

1. Azure Bot → Configuration → Messaging endpoint
2. Valor: https://<api-gateway-url>/api/messages
   • URL de staging: saída do serverless deploy → output HttpApiUrl

Habilitar canal Microsoft Teams

1. Azure Bot → Channels → Microsoft Teams → Apply

3. Configurar GitHub Secrets

Após criar a App Registration, cadastre no GitHub environment staging:

Secret	Valor
BOT_APP_ID	Application (client) ID
BOT_APP_PASSWORD	Client secret

gh secret set BOT_APP_ID --env staging --repo <org>/bi_agent --body "<value>"
gh secret set BOT_APP_PASSWORD --env staging --repo <org>/bi_agent --body "<value>"