KanBo Installation on Microsoft 365 and Azure (Manual)

Table of Contents

Introduction

Purpose

By installing KanBo as a Microsoft 365 groups extension, you can integrate KanBo more deeply with Microsoft Teams, Outlook, and Yammer. KanBo will use the same documents as the group, and vice versa. KanBo will also inherit user management from the Microsoft group to which the KanBo space is attached.

Prerequisites

KanBo installation package, KanBo.JobHost package and KanBoRM (Resource Management) package,
A Microsoft 365 Business Basic environment (or a higher version) with administrator access,
Administrator access to the Azure portal,
One SQL Database,
Having a custom domain and SSL certificate for your KanBo,
An Elasticsearch instance on your Azure.
To follow all the instructions in KanBo, you will need the Setup KanBo role.

Creating the sites for KanBo and KanBo Resource Management

1. Creating a web app

To create a web app, go to this page.
Select + Create.

Choose your Subscription.
Choose your Resource Group (we recommend creating a new one named "Kanbo").
Provide the name URL of your site, in our case, it will be "kanboinstallation".
Leave the publish on "Code".
Select the closest region.
Select your Windows Plan and resize it to at least B1.

Select Review + create and create the web app.
Repeat the same process when creating the Resource Management app. Make sure You are using the same Resource Group and Pricing Plan.

2. Configuring a custom domain and SSL certificate for web app

For this integration, you must have a custom domain attached to your KanBo. It is not possible to run it on the default *.azurewebsites.net address.

Follow the Microsoft TechNet manuals below to configure a custom domain and SSL certificate for the web app.*

To attach a custom domain:
– Map an existing custom DNS name to an Azure Web App
– Bind an existing custom SSL certificate to Azure Web Apps

*This step is only necessary for KanBo. Resource Management doesn’t require a custom domain.

3. Configuring the new web app

Once the page has been created, we will need to adjust some settings.

Go back to the App Services page.
Select your page to navigate to its options.

Scroll the menu down and select Configuration > General Settings.
Make sure the Web Sockets option is on, the platform is set to 64-bit, and the .NET version is set to .NET 8.
Save your changes.

4. Creating an SQL database

Enter the link to create an SQL Database.
Select Create and follow these steps:
1. Choose the same Subscription and Resource Group as your KanBo Service.
2. Choose the name for the database
3. Choose the Database server (we recommend creating a new one called "KanBo")
4. For compute and storage, select basic. You can scale it up later (information about optimal sizing can be found at the end of the article).

5. Configuring the DB connectivity

Use the Azure portal to obtain the connection string necessary for your web app to connect with Azure SQL Database.

Select SQL Databases icon and then, search for your database.

Select your database, then select Show database connection strings.

Copy the ADO.NET connection string and save it somewhere.

Configuring Microsoft Graph Connectivity

Access Azure Active Directory by visiting this page.
Select Azure Active Directory and then select App Registrations.

Select + New registration.

Choose a name for your app registration.
Select the Redirect URI as "Web" and write down a link that looks like this: https://YOUR KANBO ADDRESS/auth/aad/return

Select Register to save the changes.
After the app registration is finished, go to API Permissions.

Select Add a permision, and then select Microsoft Graph.

There are two permission options: delegated and application. Below is a list of permissions that must be added from both options.

Application permissions:

AppCatalog.Read.All
AppCatalog.ReadWrite.All
Calendars.ReadWrite
ChannelMember,ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Files.Read.All
Files.ReadWrite.All
Group.Read.All
Group.ReadWrite.All
Mail.Read
Mail.ReadWrite
Mail.Send
Sites.Read.All
Team.ReadBasic.All
TeamMember.ReadWrite.All
TeamsActivity.Send
TeamsAppInstallation.ReadForUser.All
TeamsAppInstallation.ReadWriteForTeam.All
TeamsAppInstallation.ReadWriteForUser.All
TeamSettings.ReadWrite.All
User.Invite.All
User.Read.All

Delegated Permissions:

AppCatalog.ReadWrite.All
Calendars.Read
ChannelMember.ReadWrite.All
Directory.AccessAsUser.All
Directory.Read.All
Directory.ReadWrite.All
email
Files.Read
Files.Read.All
Files.ReadSelected
Files.ReadWrite
Files.ReadWrite.All
Files.ReadWrite.AppFolder
Files.ReadWrite.Selected
Group.ReadWrite.All
Mail.Read
Mail.ReadWrite
Sites.Read.All
Team.ReadBasic.All
TeamMember.ReadWrite.All
TeamsActivity.Send
TeamsAppInstallation.ReadForUser
TeamsAppInstallation.ReadWriteForUser
TeamSettings.ReadWrite.All
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite
User.ReadWrite.All

Once all the permissions have been selected and added, select Grant admin consent for KanBo.
Create a pair of self-signed certificates using this manual.

Go to Certificates & secrets section in App registrations to register a certificate.

Select Upload public key and select your .cer certificate.
Select Save.

Your certificate should be now visible.

Go back to Overview.
Get the application ID and directory (tenant) ID, and save them for later, as they will be used in the KanBo configuration.

Uploading the certificate to KanBo

Go back to your KanBo Azure web app, go to TLS/SSL settings, then and then go to Private Key Certificates (.pfx).
Select + Upload certificate.

Provide the password and upload it.

Copy the certificate's thumbprint.

Open Configuration, and then select + New application setting.

The setting's name should be WEBSITE_LOAD_CERTIFICATES. The value should be the Thumbprint of certificate.
Save it.

In the Bindings settings activate HTTPS only.

Adjusting the KanBo configuration

Some areas in the appsettings.json files of the KanBo and Resource Management apps need to be filled out. Let’s start with KanBo.

Paste the previously copied ADO.NET connection string in place of “FILL ME,” leaving the quotation marks intact.

Modify the line by entering the password and adding “MultipleActiveResultSets=True;” at the end of the connection string.

You can set the default language for new KanBo users by changing the “lang” variable. The possible languages are:

de-DE – German
de-AT – Austrian German
en-US – United States English
en-GB – United Kingdom English
en-AU – Australian English
en-CA – Canadian English
es-ES – Spanish
pl-PL – Polish

   {
    "type": "set-language-for-new-users",
    "lang": "de-DE"
   },

The “value” variable should contain the full URL of your KanBo (e.g., https://mykanbo.azurewebsites.com/)

   {
    "type": "server-url",
    "value": "FILL-ME"
   },

The “client-id” and “tenant” fields should contain the client ID and directory (tenant) ID copied from your Azure Active Directory app registration.
The “thumbprint” field should contain the thumbprint of the certificate you created.
The “admin-upn” field should contain your Azure email address (e.g., admin@company.com).

  {
    "type": "package",
    "name": "auth-aad",
    "client-id": "FILL-ME",
    "tenant": "FILL-ME",
    "thumbprint": "FILL-ME",
    "admin-upn": "FILL-ME"
   },

This is necessary for KanBo Webjobs to function. Enter the same thumbprint that you used for the “auth-aad” package here.

 {
    "type": "package",
    "name": "webjobs",
    "thumbprint": "FILL-ME"
   },

This is where we set up the future connection to Resource Management.

Replace “CERTNAME” with the name of your generated certificate in both places.
Replace “CERTPASS” with the password for your generated certificate.
Replace “RM-APP-URL” with the URL of the Resource Management web app you created.

/*RESOURCE MANAGEMENT*/
   
   {
        "type": "auth.oauth",
        "issuer": "rmkanbo",
        "children": [
          [
            "cert",
            {
              "type": "X509SignerFromFile",
              "file": "C:/home/site/wwwroot/Certificates/CERTNAME",
			  "key": "CERTPASS"
            }
          ]/* client will go here */
        ]
      },
	  {
        "type": "resource-mgmt",
        "issuer": "rmkanbo",
        "rm-uri": "https://RM-APP-URL/api",
        "children": [
          [
            "cert",
            {
              "type": "X509SignerFromFile",
			  "file": "C:/home/site/wwwroot/Certificates/CERTNAME",
			  "key": "CERTPASS"
            }
          ]
        ]
      },

Save the appsettings.json file. Then, open it in the Resource Management package.

{
  "ConnectionStrings": {
    "Database": "CONNECTION-STRING"
  },

Use the same connection string here that you used for the KanBo app.

"KanboApi": {
    "Url": "https://KANBO-URL",
    "ClientId": "",
    "ClientSecret": "",
    "CallbackPath": "/oauth/callback",
    "AuthorizationEndpoint": "https://KANBO-URL/auth/rmkanbo/code",
    "TokenEndpoint": "https://KANBO-URL/auth/rmkanbo/token",
    "Scope": "kanbo.id"
  }
}

Replace every KANBO-URL with the URL of the KanBo App you created.

Uploading the KanBo packages

Navigate to the Azure website KUDU service for your KanBo app (add .scm before azurewebsites.net e.g https://mykanbo.scm.azurewebsites.net).
Select Debug console > PowerShell.
Enter the "site" folder and create 2 new folders called "Certificates" and "Templates".
Upload the certificates you created to the "Certificates" folder.
Zip up all your KanBo app files (but don't include the folder!).
Go to the "wwwroot" folder and drag and drop your .zip archive into the top right part of the KUDU service to unzip its contents.

Uploading the Resource Management package

The process is similar to uploading the KanBo files. First, pack your Resource Management package into a .zip file. Then, go to the Kudu tools of the Resource Management app and upload the package by dragging and dropping it to the right.

Creating the databases

Go to https:{your kanbo address}/setup and you will be directed to the KanBo Setup page.
Select Start simple setup.

The KanBo Setup installation will now proceed. Please wait a few minutes until it is finished.

Obtaining the license key

To obtain a KanBo license ID, select Show Advanced Setup.

Select the Refresh button near the License ID field.

Send the KanBo ID to support@kanboapp.com, so a license key can be generated and sent to you.
Go back to the appsettings.json and paste the license key in the "LicenseKey" variable.

Save the appsettings.json file and restart the KanBo app.

Your KanBo has been successfully installed, but there is still some work to be done.

Configuring KanBo and Resource Management connection

Restart the KanBo app in Azure

Enter a URL like this: https://YOURKANBOURL/auth/rmkanbo/newclient

You should be presented with a page that looks like this:

There are two parts. The first is the “Client config,” which goes into the appsettings.json file of the KanBo app. The second is the “OAuth2 config,” which goes into the appsettings.json file of the Resource Management app.

For the KanBo side, you can find this comment in the appsettings.json file.

/* client will go here */

Replace it with a comma and paste the Client config.

There are a couple of things to note. First, the “client” variable needs to be renamed “id.” Second, the “url” value needs to be changed to the URL of your Resource Management app. Finally, the “name” value needs to contain something identifiable (like “My KanBo Resource Management”).
As for the Resource Management app’s appsettings.json file, you can scroll to the bottom and find the empty “ClientId” and “ClientSecret” variables. Paste the “OAuth2 config” client ID and client secret inside their quotation marks.
After configuring and saving all the appsettings.json files, restart both apps, starting with the Resource Management app.

Connecting the KanBo App to the Resource Management App

Go to the setup page of your KanBo once again (https://YOURKANBBOURL/setup).
You will find a new Resource Management tab there.

You should see four checks passing and one failing: the Schema Validation. If you experience different results, please check that you have pasted everything correctly.
Select Initialize RM content database.
If all the checks show as “PASSED,” you have successfully connected the KanBo app to the Resource Management app.

Creating Sync Jobs

Three web jobs need to be created for KanBo to sync Azure Active Directory profiles and M365 groups. Along with the web.zip file, you will receive a KanBo.JobHost.zip file. This file contains its own appsettings.json that we will need to edit. There are three sections to modify: M365 Group, M365 Group Delta, and M365 Profile.

1. M365 Group Sync

Responsible for syncing M365 groups with KanBo.

You will need to paste the same connection string used in your KanBo app’s settings.json file here.

"ConnectionStrings": {
    "KanBo": "FILL-ME"
  },

{
    "type": "package",
    "name": "auth-aad",
    "client-id": "FILL-ME",
    "tenant": "FILL-ME",
    "thumbprint": "FILL-ME"
   },
   {
        "type": "package",
        "name": "kanbo-api",
        "url": "FILL-ME",
        "thumbprint": "FILL-ME"
      },
      "security-group-sync-source.graph",
      {
        "type": "jobs",
        "name": "ext-groups",
        "children": [
          {
            "type": "job.security-group-sync-source",
            "verbose": true,
            "force-complete-sync": true
          },
          "cleanup-users-when-sync-removes"
        ]
      }

These values should be the same as the ones you used in the appsettings.json file for your KanBo.
After saving the configured file, place all the files in a .zip folder. Then, follow the instructions for creating a scheduled WebJob: https://docs.microsoft.com/en-…
For M365 group sync jobs, select “GroupSync” as the name and enter the CRON expression “0 */30 * * * *”.
After uploading Group Sync, run it once.
Then, change the “verbose” and “force-complete-sync” values to “false.”
To access the appSettings.json file for the job, go to /home/sites/wwwroot/App_Data/jobs/triggered.

2. M365 Group Delta Sync

Use the same KanBo.JobHost.zip package that you used for the group sync job. Delta Sync is an additional sync job that helps sync Teams Channels with KanBo Spaces.

    {
        "type": "package",
        "name": "auth-aad",
        "client-id": "FILL-ME",
        "tenant": "FILL-ME",
        "thumbprint": "FILL-ME"
       },
       {
            "type": "package",
            "name": "kanbo-api",
            "url": "FILL-ME",
            "thumbprint": "FILL-ME"
          },
         {
            "name": "graph-delta",
            "type": "jobs",
            "graph.group-sync.job": {}
          }

When uploading this job, set the CRON expression to “0 */5 * * * *”.

3. M365 Profile Sync

Full explanation for Profile Sync configuration can be found here: Creating and customizing the Profile Sync Webjob

Using KanBo with Microsoft Teams

When creating workspaces and spaces in KanBo, you can choose to create a new Microsoft 365 group or use an existing one.

→ Read more about:

Configuring KanBo

1. Email notifications

Follow this instruction to configure email notifications.

2. KanBo Search

Follow this instruction to configure Search for KanBo (Elasticsearch).

3. KanBo Teams App

Follow this instruction to configure KanBo Teams App .

4. KanBo Content Database on Azure

After installing KanBo, please adjust the database size to be suitable. This may be necessary for optimal performance of the KanBo Content Database, which was created during setup.

You can see the dependencies in the table below.

Number of users on your KanBo instance	Recommended Pricing Tier for KanBo Content Database
20+ users	Standard 10 DTUs 250GB
50+ users	Standard 20 DTUs 250GB
100+ users	Standard 50 DTUs 250GB

Was this article helpful?

Please, contact us if you have any additional questions.