Skip to main content
Deploy AI for Work directly inside your organization’s collaboration platforms and host applications. This guide covers integration with Microsoft Teams, Slack, and the Web/Mobile SDK, including architecture, prerequisites, and step-by-step configuration.

Microsoft Teams

AI for Work integrates with Microsoft Teams using Azure Bot Service, enabling users to access AI assistance, receive proactive notifications, and use Copilot features without leaving Teams.

When to Use

ScenarioDetails
Heavy Teams usageOrganizations using Teams as the primary hub for communication, meetings, and file sharing
Workflow integrationTeams needing AI assistance during active chats, meetings, or collaborative document sessions
Proactive notificationsBusinesses requiring AI-driven alerts, reminders, or time-sensitive updates delivered in Teams
Copilot enhancementCompanies extending standard Copilot with custom AI agents and specialized workflows

Architecture

The integration uses Azure Bot Service as the communication bridge: 
[AI for Work Platform] ↔ [Azure Bot Service] ↔ [Microsoft Teams]
ComponentRole
AI for Work PlatformProcesses user requests
Azure Bot ServiceRoutes messages between the platform and Teams
Microsoft TeamsUser-facing interface
Azure App RegistrationManages authentication and permissions

Prerequisites

RequirementDetails
Azure SubscriptionActive subscription with administrative privileges
Teams Admin AccessPermission to upload and manage custom apps in the Teams Admin Center
AI for Work AccountActive subscription with access to the Admin Console

Configuration

Follow these phases sequentially to ensure proper deployment and functionality. Phase 1: Initial Setup and Webhook Configuration Objective: Establish communication between AI for Work and Azure Bot Service.
  1. Log in to the Admin Console.
  2. Navigate to Channels > Microsoft Teams and Copilot.
  3. Copy and save the Webhook URL, to use in Azure Bot configuration later.
Phase 2: Azure Bot Service Creation Create and configure the Azure Bot that serves as the communication bridge. Create Azure Bot Resource
  1. Sign in to the Azure Portal.
  2. Click + Create a resource → Search for Azure Bot.
  3. Select Azure Bot and configure the following:
    • Bot Handle: Choose a unique name.
    • Subscription: Select your active subscription.
    • Resource Group: Create or reuse an existing group.
    • Pricing Tier: Select based on expected usage.
    • App Type: Select Multi-Tenant or Single-Tenant based on organizational needs.
Configure Bot Resource
  1. After deployment completes, click Go to resource and navigate to Configuration in the left sidebar.
  2. Paste the webhook URL copied from the AI for Work platform into the Messaging endpoint field and click Apply to save the configuration.
Phase 3: Authentication and Security Setup This phase varies based on your chosen App Type (MultiTenant vs SingleTenant). For MultiTenant Applications Generate Client Secret
  1. In Configuration, click Manage Password next to the Microsoft App ID. teams_1
  2. Go to Certificates & secrets+ New client secret. teams_2
  3. Enter description and expiry → Add.
  4. Copy the Value of the client secret (App Password).
  5. Record the Microsoft App ID and App Password for the Platform configuration.
For Single-Tenant Applications Follow the steps for Multi-Tenant setup. Also, note the Tenant ID for the Platform configuration. Phase 4: Enable Microsoft Teams Channel Integration Configure the bot to communicate with Microsoft Teams and enable Copilot integration.
  1. Navigate to Channels in the bot resource menu and locate the Available Channels section.
  2. Select the Microsoft Teams channel and M365 Extensions channel (required for Copilot integration), review channel information, and select Save. teams_3
The Web Chat channel isn’t supported for this integration, so keep it disabled.
Phase 5: Proactive Notifications Setup Enable the bot to send proactive notifications to users, which is essential for AI-driven interactions. Create App Registration for Notifications
  1. In the Azure Portal, navigate to App registrations and select + New registration.
  2. Register New Application:
    • Name: Provide a descriptive name (for example, Platform-Microsoft Teams-Notifications).
    • Supported account types: Choose based on organizational requirements.
    • Redirect URI: Leave blank for this use case.
  3. Select Register. teams_4
Add Microsoft Graph Permissions
  1. In the app registration, navigate to API permissions and select Add a permission. teams_5
  2. Select Microsoft GraphApplication permissions. Required Permissions: Add the following permissions for full functionality:
    • TeamsAppInstallation.ReadForUser.All
    • TeamsAppInstallation.ReadWriteSelfForUser.All
    • TeamsAppInstallation.ReadWriteForUser.All
    • User.Read.All
    • AppCatalog.Read.All
  3. Grant Admin Consent.
  4. Generate a Client Secret and note down App ID, Directory (Tenant) ID.
  5. Configure these values in AI for Work under Microsoft Teams & Copilot Channel Settings.
  6. Generate a JWT token for secure communication.
Phase 6: Configure AI for Work Platform Provide Azure Bot credentials to the Platform to establish secure communication.
  1. Navigate to the Admin Console.
  2. Locate Channels on the left pane.
  3. Select Microsoft Teams and Copilot.
  4. Enter the following credentials under Configuration:
    • Microsoft App Tenant ID: (SingleTenant only) The tenant ID from the bot’s app registration.
    • Microsoft App ID: The App ID from your Azure Bot resource.
    • App Password: The client secret from the bot’s app registration.
    teams_6
    • App ID of the Microsoft Teams App: The additional app credentials for sending Proactive Notifications.
    • Application (Client) ID: From the notifications app registration.
    • Client Secret: From the notifications app registration.
    • Delivery (Tenant) ID: From the notifications app registration.
    teams_7
Customization Options By default, the Microsoft Teams app appears with the name AI for Work, the standard logo, and the default description. Administrators can customize the application before publishing to Microsoft Teams:
  • App Name – Choose a custom display name for Microsoft Teams.
  • Logo – Upload an organization-specific logo.
  • Description – Provide a tailored description that reflects organizational context.
Copilot Enablement During configuration, you are prompted to Enable Copilot Integration. We recommended you to enable this option so that Teams users can access the Platform features using Copilot. Phase 7: Upload Custom App to Teams Admin Center Upload the Platform app package to the Teams Admin Center so it is available within your organization. Generate Application Package Upon configuring credentials in the Platform, generate and download the Teams application package (ZIP file). This package contains the app manifest and all required configurations for the integration. teams_8 Upload to Teams Admin Center Ensure you have the necessary admin permissions in the Teams Admin Center. Verify organizational policies allow custom app uploads.
  1. Sign in to Microsoft Teams Admin Center.
  2. Navigate to Teams appsManage apps.
  3. Click Upload new app and select the downloaded application package. Wait for upload and verify to complete. teams_9
Once uploaded, the app appears as a custom app within your organization’s Teams Admin Center. It is not published to the public Teams App Store. Configure App Permissions and Policies Review the uploaded application details and configure app permission policies as needed. Set up app setup policies for automatic installation (optional). Phase 8: User Access Configuration You can decide how to distribute the custom app within your organization:
  • Add App for All Users (Recommended) — Automatically installs the custom app for all employees in the organization. All users receive a notification in Microsoft Teams and a welcome message when the app is added.
Users must also be provisioned in the Account Hub of the Platform to access the app.
  • Let Users Add the App Themselves — The custom app is available in the organization’s app catalog within Teams. Users need to search for the app in the Apps section in Teams and add it manually. No automatic notifications or installations occur.
Users must be present in the Account Hub to use the app.
  • Add App for Selected Users or User Groups — Uses app setup policies to assign the app only to specific users or security groups. Selected users are automatically notified in Microsoft Teams and receive the welcome message. Other users can find and install the app from the organization’s app catalog if permitted by policy.
Selected users must also exist in the Account Hub for access.

Troubleshooting

Bot Not Responding in Microsoft Teams
  • Verify the webhook URL is correctly configured in Azure Bot.
  • Check that the Microsoft Teams channel is enabled and saved.
  • Validate client secrets haven’t expired.
Authentication Failures
  • Confirm admin consent is granted for all required API permissions.
  • Verify client secrets are copied correctly (Value, not Secret ID).
  • Check tenant ID matches between configurations.
App Upload Failures
  • Ensure you have proper admin permissions in the Teams Admin Center.
  • Verify the application package is not corrupted during download.
  • Check organizational policies allow custom app uploads.
Proactive Notifications Not Working
  • Verify that admin consent is granted for all required Microsoft Graph permissions.
  • Verify that the notification app registration client secret is valid.
  • Ensure JWT token generation is working correctly.

Slack

AI for Work integrates with Slack as a custom app, enabling users to perform work tasks, query enterprise knowledge, and interact with AI agents without leaving Slack. Slack channel overview

When to Use

ScenarioDetails
Seamless workflow integrationTeams needing AI assistance during active conversations, with persistent chat history and context retention
Enterprise knowledge accessOrganizations connecting users to knowledge repositories — documents, LLMs, and data-driven answers — within Slack channels
Heavy Slack usageRemote or hybrid teams that treat Slack as their central hub for communication and project coordination

Architecture

The integration uses Slack’s Developer Portal and OAuth authentication: 
[AI for Work Platform] ↔ [Slack App Configuration] ↔ [Slack Workspace]

Prerequisites

RequirementDetails
Slack WorkspaceActive workspace with administrative privileges
Slack Developer Portal AccessPermission to create and manage apps in your workspace
AI for Work AccountActive subscription with access to the Admin Console

Integration Lifecycle

PhaseSteps
Configuration and creationCustomize app details in the Admin Console to generate an App Manifest, then use the manifest to create the app in the Slack Developer Portal
Connection and securityPerform a credential exchange to link the platforms, then authorize the required permissions
RolloutDefine the welcome experience, then grant user access to onboarded employees

Configuration

Step 1: Configure App Display Settings
  1. Log in to the Admin Console.
  2. Navigate to ChannelsSlack. Slack channel navigation
  3. Open the Configuration page and set the following:
    SettingDescription
    App NameName users see when interacting with the app in Slack
    App DescriptionExplains the app’s capabilities; appears in the About section in Slack
    App display settings
If you change the app name or description after deployment, generate a new manifest and update the Slack app in the Developer Portal.
Step 2: Generate the App Manifest
  1. On the Configuration page, click Get Manifest.
  2. Copy the entire manifest code. Manifest generation
The manifest contains all permissions, features, and settings required for the Slack app. Step 3: Create the App in the Slack Developer Portal Access the portal
  1. Go to the Slack Developer Portal.
  2. Sign in with your workspace credentials.
  3. Click Your Apps. Slack Developer Portal
Create the app
  1. Click Create New App (or Create an App for first-time users).
  2. Select From a manifest.
  3. Select the target workspace from the Slack Workspace dropdown. Create app from manifest
Paste the manifest
  1. Paste the manifest code copied from the Platform.
  2. Click Next, review the configuration and permissions, then click Create.
Step 4: Configure App Credentials Retrieve credentials from Slack
  1. In the Slack Developer Portal, navigate to Basic Information in the left sidebar.
  2. Scroll to App Credentials and copy:
    • Client ID
    • Client Secret
    • Signing Secret
    App Credentials
Enter credentials in AI for Work
  1. Return to the Admin Console > App Credentials page.
  2. Paste the copied values into the corresponding fields.
  3. Click Authorize. Credentials configuration
Complete authorization
  1. Review the permission request that Slack displays.
  2. Click Allow.
On successful authorization, the app deploys to your Slack workspace and becomes visible to all onboarded users. Step 5: Customize the Welcome Experience
  1. In the Admin Console, navigate to the Welcome Experience page. Welcome Experience
  2. Configure the following:
    SettingDescription
    Welcome MessageIntroductory message users see when they first open the app
    Sample PromptsUp to four clickable prompts to help users start a conversation
  3. For each sample prompt, set:
    • Display Message — Text shown to users as the prompt button.
    • Actual Query — The complete query sent to the Platform when the user clicks the prompt.
  4. Click Save and Update. Changes take effect immediately for all users.
You can update the welcome experience at any time. Changes apply to all users immediately.
Step 6: Customize the App Icon (Optional)
  1. In the Slack Developer Portal, go to Basic InformationDisplay Information.
  2. Click Upload next to App Icon and select an image file.
  3. Optionally, set a Background Color.
  4. Click Save Changes. App icon customization

User Access Management

Only users who have onboarded to AI for Work can interact with the Slack app. Before deploying, ensure you:
  1. Invite all intended users to the Platform.
  2. Onboard users with the appropriate access permissions.
  3. Confirm users exist in both the Platform and the target Slack workspace.
Users in the Slack workspace who have not onboarded can see the app but receives an error when attempting to send a message.

Current Limitations

LimitationDetails
Single workspaceThe app deploys to one Slack workspace. Multi-workspace deployments require a separate app instance per workspace.
Direct messaging onlyThe app functions as a direct messaging interface. Adding the app to channels is not supported, and mentions in public or private channels do not trigger responses.

Web/Mobile SDK

AI for Work integrates with your web or mobile application through the Web/Mobile SDK, enabling AI chat, agent interactions, and enterprise knowledge access directly inside your product. Each SDK app you create has its own credentials, allowed domains, and authentication settings, so you can deploy independent integrations for different applications or environments.

When to Use

ScenarioDetails
Embedded assistantOrganizations that want to surface AI for Work inside their own web or mobile applications, instead of a separate channel
Customer-facing experiencesProducts needing AI chat, agent interactions, and knowledge lookup available to end users within the host app
Multi-app deploymentsTeams running several applications or environments (such as staging and production) that each require isolated credentials and domain rules
Custom UI requirementsUse cases where the assistant interface must match the host application’s branding and user experience

Architecture

The integration uses signed credentials and JWT-based authentication between the host application and the Platform: 
[Host Web/Mobile App] ↔ [Web/Mobile SDK] ↔ [AI for Work Platform]
ComponentRole
Host ApplicationThe web or mobile app where the SDK is embedded
Web/Mobile SDKPrebuilt library that renders the assistant interface and handles communication
App CredentialsClient ID, Client Secret, and JWT used to authenticate SDK requests
Allowed DomainsAllowlist that restricts which domains can load the SDK

Prerequisites

RequirementDetails
AI for Work AccountActive subscription with access to the Admin Console
Host ApplicationA web or mobile application where you can embed the SDK code and prebuilt libraries
Domain AccessThe domains where the SDK will run, ready to be added to the allowlist

Configuration

Each SDK app is created and managed independently from the SDK Apps page. You can create as many SDK apps as you need, each with its own credentials, allowed domains, and SDK setup. Step 1: Create an SDK App
  1. Log in to the Admin Console.
  2. Navigate to ChannelsWeb/Mobile SDK.
  3. On the SDK Apps page, click + Create New.
The new app opens to the configuration view with three sections in the left pane: App Credentials, Allowed Domains, and SDK Details.
You can return to the SDK Apps page at any time to view, edit, or delete existing apps.
Step 2: Configure App Credentials The App Credentials section provides the values your host application needs to authenticate with the Platform.
  1. Open the App Credentials section.
  2. Configure or copy the following values:
    FieldDescription
    App NameDisplay name for the SDK app. Used to identify the app in the SDK Apps list.
    Client IDSystem-generated identifier for the SDK app. Use the copy icon to copy the value.
    Client SecretSystem-generated secret used to sign JWTs. Use the copy icon to copy the value, or the refresh icon to regenerate it.
    JWT GenerationSample JWT payload structure showing the mandatory and optional claims required by the SDK.
  3. Click Continue.
Treat the Client Secret like a password. Regenerating the secret invalidates the previous value, and any host application using the old secret stops working until it is updated.
Step 3: Configure Allowed Domains The Allowed Domains section restricts which domains can load the SDK. Requests from any domain not on the list are blocked for security.
  1. Open the Allowed Domains section.
  2. Enter a domain in the Enter domain field (for example, https://example.com).
  3. Click + Add Domain.
  4. Repeat to add additional domains.
  5. To modify the list, edit any existing domain inline, or delete a domain to remove it.
  6. Click Continue.
Only configured domains are permitted to load the SDK. Add every domain where the SDK will be embedded, including staging and development environments.
Step 4: Set Up the SDK The SDK Details section provides the embed code and links to the prebuilt SDK libraries.
  1. Open the SDK Details section.
  2. Use the following resources to set up the SDK in your host application:
    • Web SDK — Click Download SDK to access the prebuilt Web SDK library and embed it in your web application.
    • Mobile SDK — Click Download SDK to access the prebuilt Mobile SDK library and embed it in your mobile application.
  3. Click Save.
Auto-Save Behavior All changes across App Credentials, Allowed Domains, and SDK Details are saved automatically. You don’t need to perform a manual save for each section — moving between sections preserves your changes.

Managing SDK Apps

From the SDK Apps page, you can:
  • View all SDK apps, including the creation date and the user who created them.
  • Edit an existing app to update credentials, allowed domains, or SDK setup.
  • Delete an app that’s no longer needed using the actions menu.
Deleting an SDK app immediately revokes its credentials. Any host application using those credentials will stop functioning.

Web SDK Integration through CDN

After creating an SDK app in the Admin Console, integrate the Web SDK chatbot widget into your web application using the CDN approach. This method embeds the widget directly into your website without installing any npm packages. Integration Flow The end-to-end integration follows five stages:
  1. Load the Web SDK through CDN.
  2. Authenticate the user (through SSO).
  3. Generate a JWT token.
  4. Exchange the JWT for an access token.
  5. Initialize the chatbot widget.
Integration Prerequisites Before starting, gather the following from the SDK app you created in the Admin Console, along with details from your host application:
RequirementSource
Client IDApp Credentials section of the SDK app
Client SecretApp Credentials section of the SDK app
Base URLPlatform environment (for example, https://work.kore.ai)
SSO Login EndpointPlatform URL constructed using the Client ID
API URLPlatform URL constructed using the Client ID
Presence URLPlatform base URL
User Profile APIHost application endpoint that returns the logged-in user’s details (for example, /api/users/me)
Never expose the Client Secret in production frontend code. In production, JWT generation must happen on the backend so that the secret stays server-side.
Step 1: Add Required CSS and JS Files Add the following inside the <head> section of your HTML page: 
<!-- SDK CSS -->
<link rel="stylesheet" href="https://staticqa-workassist.kore.ai/eva_sdk/1.0/dist/sdk-styles.css" />

<!-- SDK external library dependencies -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@shoelace-style/shoelace@2.0.0/dist/themes/light.css">
<script type="module" src="https://cdn.jsdelivr.net/npm/@shoelace-style/shoelace@2.0.0/dist/shoelace.js"></script>
<link href="https://cdn.jsdelivr.net/npm/tom-select@2.4.3/dist/css/tom-select.css" rel="stylesheet">
<script src="https://cdn.jsdelivr.net/npm/tom-select@2.4.3/dist/js/tom-select.complete.min.js"></script>

<!-- React (peer dependency) -->
<script src="https://unpkg.com/react@18/umd/react.production.min.js"></script>
<script src="https://unpkg.com/react-dom@18/umd/react-dom.production.min.js"></script>
Step 2: Define Configuration Declare the SDK configuration values in your script. Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with the values from your SDK app. 
const CLIENT_ID = "YOUR_CLIENT_ID";
const CLIENT_SECRET = "YOUR_CLIENT_SECRET";
const USER_PROFILE_URL = "https://yoursite.example.com/api/users/me";
const SSO_LOGIN_URL = `https://work.kore.ai/api/1.1/sdk/${CLIENT_ID}/sso/login/`;
const API_URL = `https://work.kore.ai/api/1.1/sdk/${CLIENT_ID}/`;
const PRESENCE_URL = `https://work.kore.ai/`;
const JWT_EXPIRY = "5m";
Step 3: Fetch the Logged-in User Profile The SDK requires user details to complete SSO. Call your host application’s user profile API to retrieve them. 
const fetchJson = async (url, options = {}) => {
  const response = await fetch(url, options);
  if (!response.ok) {
    throw new Error(`Request failed: ${response.status}`);
  }
  return response.json();
};

const me = await fetchJson(USER_PROFILE_URL);
The response must include at least the user’s email, first name, and last name: 
{
  "Email": "john@example.com",
  "FirstName": "John",
  "LastName": "Doe"
}
Script Placement for Steps 4–6 Place all code from Step 4 through Step 6 inside a single <script> tag in the page footer, immediately before the closing </body> tag. Do not split these steps across multiple script blocks. 
<body>
  <!-- Your page content -->
  <script src="https://staticqa-workassist.kore.ai/eva_sdk/1.0/dist/eva-web-sdk.umd.js"></script>
  <script>
    // Step 4 to Step 6 code goes here in a single script block
  </script>
</body>
Step 4: Generate the SSO JWT Token Sign the JWT using the HS256 algorithm and the Client Secret. 
const { SignJWT } = await import("https://cdn.jsdelivr.net/npm/jose@5/+esm");
const secret = new TextEncoder().encode(CLIENT_SECRET);

const id_token = await new SignJWT({
  sub: me.Email,
  firstName: me.FirstName,
  lastName: me.LastName,
  clientId: CLIENT_ID
})
  .setProtectedHeader({ alg: "HS256", typ: "JWT" })
  .setIssuedAt()
  .setExpirationTime("5m")
  .sign(secret);
In production, move JWT generation to your backend so that the Client Secret never reaches the browser.
Step 5: Exchange the JWT for an Access Token Send the signed JWT to the SSO login endpoint and retrieve the access token and user ID. 
const ssoResponse = await fetchJson(SSO_LOGIN_URL, {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ id_token })
});

const accessToken = ssoResponse.authorization.accessToken;
const userId = ssoResponse.userInfo.id;
Step 6: Initialize the Chatbot Widget Initialize the widget with the access token and user ID returned from the SSO exchange. Once initialized, the chatbot automatically appears on the page. 
EvaSDK.chatBot.init({
  accessToken,
  api_url: API_URL,
  presence_url: PRESENCE_URL,
  userId,
  title: "ChatBot",
  showHistory: true
});

EvaSDK.chatInterface.configure({
  disableAppAvatar: true
});
Complete Bootstrap Example The following function combines all steps into a single bootstrap routine: 
const bootstrapSdk = async () => {
  try {
    const me = await fetchJson(USER_PROFILE_URL);

    const { SignJWT } = await import("https://cdn.jsdelivr.net/npm/jose@5/+esm");
    const secret = new TextEncoder().encode(CLIENT_SECRET);

    const id_token = await new SignJWT({
      sub: me.Email,
      firstName: me.FirstName,
      lastName: me.LastName,
      clientId: CLIENT_ID
    })
      .setProtectedHeader({ alg: "HS256", typ: "JWT" })
      .setIssuedAt()
      .setExpirationTime("5m")
      .sign(secret);

    const ssoResponse = await fetchJson(SSO_LOGIN_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ id_token })
    });

    const accessToken = ssoResponse.authorization.accessToken;
    const userId = ssoResponse.userInfo.id;

    EvaSDK.chatBot.init({
      accessToken,
      api_url: API_URL,
      presence_url: PRESENCE_URL,
      userId,
      title: "ChatBot",
      showHistory: true
    });
  } catch (error) {
    console.error("SDK bootstrap failed:", error);
  }
};

bootstrapSdk();

Testing Checklist

Before going live, verify the following:
  • The user profile API returns the expected data.
  • The JWT is generated correctly.
  • The SSO endpoint returns an access token.
  • The chatbot loads without console errors.
  • Conversation history is preserved across sessions.
  • The presence connection is successful.
Once all checks pass, the chatbot loads on the page, the user is auto-authenticated, chat history is preserved, and SSO authentication remains secure.