Configuration
This page covers pulling the Docker image, running the container, and configuring the required environment variables. After completing these steps, continue to Azure Bot Setup to expose the bot and wire it to Microsoft Teams.
Step 1 — Pull the Docker Image
Pull the latest published image:
docker pull delineaxpm/privman-teams:latest
Verify the image is available locally:
docker images delineaxpm/privman-teams
Step 2 — Run the Container
The container requires eight environment variables and a volume mount for conversation persistence. Replace the placeholder values with your credentials from the Prerequisites.
PowerShell (Windows):
docker run -d `
--name privman-teams-bot `
-p 8080:8080 `
-e PRIVMAN_BASE_URL=https://<yourtenant>.privilegemanagercloud.com/Tms `
-e PRIVMAN_USERNAME=<privman-client-id> `
-e PRIVMAN_PASSWORD=<privman-client-secret> `
-e MicrosoftAppId=<azure-ad-app-id> `
-e MicrosoftAppPassword=<azure-ad-app-secret> `
-e MicrosoftAppType=SingleTenant `
-e MicrosoftAppTenantId=<azure-ad-tenant-id> `
-e PORT=8080 `
-e POLL_INTERVAL=60 `
-e CONVERSATION_STORE_PATH=/app/data/conversation_references.json `
-e SCHEDULE_STORE_PATH=/app/data/schedule.json `
-v privman-conversations:/app/data `
delineaxpm/privman-teams:latest
Important: PRIVMAN_BASE_URL must end with /Tms. For example: https://company.privilegemanagercloud.com/Tms
Never commit MicrosoftAppPassword or PRIVMAN_PASSWORD to source control. Pass them via Docker -e flags, a secrets manager, or an .env file outside the repository.
Environment Variables Reference
| Variable | Required | Default | Description |
|---|---|---|---|
| MicrosoftAppId | Yes | — | Azure AD App Registration > Application (client) ID |
| MicrosoftAppPassword | Yes | — | Azure AD client secret. Treat as sensitive. |
| MicrosoftAppType | Yes | SingleTenant | Bot identity type. Must match the --app-type value used in az bot create. |
| MicrosoftAppTenantId | Yes | — | Azure AD tenant ID. |
| PRIVMAN_BASE_URL | Yes | — | Privilege Manager instance URL. Must end with /Tms. |
| PRIVMAN_USERNAME | Yes | — | Privilege Manager REST API client ID. |
| PRIVMAN_PASSWORD | Yes | — | Privilege Manager REST API client secret. |
| PORT | No | 8080 | The port the bot listens on. Rarely needs to change. |
| POLL_INTERVAL | No | 60 | Seconds between Privilege Manager polls. |
| CONVERSATION_STORE_PATH | No | conversation_references.json | Path for persisting conversation references inside the container. |
| SCHEDULE_STORE_PATH | No | — | Reserved for local schedule fallback. |
| KEY_VAULT_URL | No | — | Azure Key Vault URL. Required only for auto-approve. See Auto-Approve (Optional). |
| ADMIN_GROUP_ID | No | — | Azure AD security group Object ID for admin-only commands. |
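A preflight check for the .env file option mentioned in Step 2, added here as an example (it is not part of the product or its documentation). It assumes the file is later passed to docker run with --env-file; the function names and the sample values are constructed for illustration.

```python
import re

# Variables marked "Yes" in the Required column of the reference table.
REQUIRED = ("MicrosoftAppId", "MicrosoftAppPassword", "MicrosoftAppType",
            "MicrosoftAppTenantId", "PRIVMAN_BASE_URL", "PRIVMAN_USERNAME",
            "PRIVMAN_PASSWORD")
PLACEHOLDER = re.compile(r"<[^<>\s]+>")  # heuristic: e.g. <azure-ad-app-secret>


def parse_env(text):
    """Minimal KEY=VALUE parser: skips blank lines, '#' comments, bare names."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and ln[0] != "#")
    return {k.strip(): v.strip() for k, v in pairs}


def validate(env):
    """Return a list of problems. Messages name variables, never their values."""
    problems = [f"{name}: required but missing or empty"
                for name in REQUIRED if not env.get(name)]
    for name, value in env.items():
        if PLACEHOLDER.search(value):
            problems.append(f"{name}: placeholder not replaced")
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            problems.append(f"{name}: quotes would become part of the value")
    url = env.get("PRIVMAN_BASE_URL", "")
    if url and not url.endswith("/Tms"):
        problems.append("PRIVMAN_BASE_URL: must end with /Tms")
    for name, high in (("PORT", 65535), ("POLL_INTERVAL", None)):
        value = env.get(name, "1")  # absent: the container default applies
        ok = re.fullmatch(r"[0-9]+", value) and int(value) >= 1
        if not ok or (high and int(value) > high):
            problems.append(f"{name}: must be a positive whole number in range")
    return problems


# Constructed sample: leftover placeholder, missing secret, bad URL, zero interval.
SAMPLE = """\
MicrosoftAppId=11111111-2222-3333-4444-555555555555
MicrosoftAppPassword=<azure-ad-app-secret>
MicrosoftAppType=SingleTenant
MicrosoftAppTenantId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
PRIVMAN_BASE_URL=https://company.privilegemanagercloud.com
PRIVMAN_USERNAME=constructed-client-id
POLL_INTERVAL=0
"""

if __name__ == "__main__":
    print("\n".join(validate(parse_env(SAMPLE))))
```

Run it against the real file before starting the container; an empty result means every required variable is set and PRIVMAN_BASE_URL has the /Tms suffix.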
Once the container is running, continue to Azure Bot Setup to expose the bot over HTTPS and connect it to Microsoft Teams.