-
Notifications
You must be signed in to change notification settings - Fork 31
Logging to Microsoft Teams
RFLIB can post a notification to a Microsoft Teams channel whenever a log event is published at or above a configured severity threshold. The integration uses a Teams Incoming Webhook (a Power Automate Workflow, or a legacy Office 365 connector) and Salesforce Named Credentials to keep the webhook URL secure.
- A Microsoft Teams team and channel where you have permission to add a workflow or connector
- Permission to create flows in Power Automate (recommended) or to add connectors to the channel
- Salesforce org with RFLIB v10.2.0 or later deployed
- Permission to manage Named Credentials in Salesforce Setup
Microsoft now recommends creating the webhook with a Power Automate Workflow because the legacy Office 365 "Incoming Webhook" connector is being retired. RFLIB supports both.
- In Teams, open the channel where notifications should appear, click the ••• menu next to the channel name, and choose Workflows.
- Search for the template Post to a channel when a webhook request is received and select it.
- Confirm the connection, then select the Team and Channel that should receive the messages and click Add workflow.
- Teams generates an HTTP POST URL. Copy it — this is your webhook URL.
https://prod-00.westus.logic.azure.com:443/workflows/.../triggers/manual/paths/invoke?api-version=2016-06-01&sp=...&sig=...Keep this URL private. It acts as a bearer token — anyone with it can post to your channel.
- In Teams, click the ••• menu next to the channel name and choose Connectors.
- Find Incoming Webhook and click Configure.
- Give it a name (e.g.
RFLIB Logger), optionally upload an image, and click Create. - Copy the generated webhook URL.
RFLIB accepts both HTTP
200(legacy connector) and202 Accepted(Power Automate Workflow) as success responses, so either option works without code changes.
The webhook URL must be stored as a Named Credential so it is never visible in code, Custom Settings, or SOQL queries. In the modern Salesforce model a Named Credential references an External Credential, so this step has three parts: create the External Credential, add a Principal, then create the Named Credential.
-
In Salesforce Setup, search for Named Credentials and open it.
-
Select the External Credentials tab and click New.
-
Fill in the fields:
Field Value Label TeamsName TeamsAuthentication Protocol No AuthenticationThe Teams webhook URL is itself the bearer token, so no additional authentication protocol is required.
-
Click Save.
- On the Teams External Credential detail page, scroll to the Principals section and click New.
- Set the Parameter Name to
RFLIB Teamsand leave the Sequence Number as1. - Click Save. The Principal's Authentication Status should show Configured.
The running user (or the Automated Process user, depending on how the RFLIB Log Event Handler flow runs) must be granted access to the Teams External Credential through a Permission Set. Without this access, callouts fail with an authorization error.
-
Back on the Named Credentials tab, click New.
-
Fill in the fields:
Field Value Label RFLIB Teams IntegrationName RFLIB_TEAMS_WEBHOOK(must match exactly)URL Paste the Teams webhook URL from Step 1 Enabled for Callouts Checked External Credential Teams -
Click Save.
Sandbox vs Production: Named Credentials are org-specific. You must create this credential separately in each sandbox and in production. Using different webhook URLs per environment lets you route sandbox notifications to a dedicated Teams channel.
-
In Salesforce Setup, search for Custom Settings and open
rflib_Logger_Settings__c(Logger Settings). -
Click Manage, then either edit the existing org default or click New to create one.
-
Set the Teams Log Level field to the minimum severity that should trigger a notification:
Value Behaviour NONEDisabled — no Teams notifications sent (default) FATALOnly FATAL events ERRORERROR and FATAL events WARNWARN, ERROR, and FATAL events INFOand belowNot supported (clamps to WARN at runtime) Most teams start with
ERRORorWARN. -
Click Save.
The Teams Log Level setting is a Hierarchy Custom Setting, meaning it can be overridden at the Profile or User level if finer-grained control is needed.
WARNis the enforced minimum — INFO, DEBUG, and TRACE events are never sent to Teams regardless of this setting.
When a rflib_Log_Event__e Platform Event is published, the RFLIB Log Event Handler flow fires. If the event's level meets the configured Teams Log Level threshold, rflib_SendLogEventTeamsAction posts an Adaptive Card message to the configured Teams channel.
The message includes:
- Log Level (in the header and as a fact)
- Org Name — the name of the Salesforce organization
- Created By — the Salesforce User ID that triggered the event
- Context — the logger context string
- Request ID — the transaction request ID for correlation
- Log Messages — the log output, rendered in a monospace block (truncated from the beginning at 2,800 characters so the exception at the tail is visible)
- Platform Info — governor limit snapshot in formatted JSON (truncated at 2,800 characters)
Execution order in the flow:
Platform Event fires
│
▼
Log to HTTP Endpoint (rflib_HttpCalloutLogAction)
│ ← fault skips to next step
▼
Send Log Event to Slack (rflib_SendLogEventSlackAction)
│ ← fault skips to next step
▼
Send Log Event to Teams (rflib_SendLogEventTeamsAction) ← runs in a new transaction
│ ← fault skips to next step
▼
Send Log Event to Google Chat (rflib_SendLogEventGoogleChatAction) ← runs in a new transaction
│ ← fault skips to next step
▼
Archive Log Event (rflib_ArchiveLogAction)
│ ← fault skips to next step
▼
Send Log Event Emails (rflib_SendLogEventEmailAction)
Each step has a fault connector that continues to the next action, so a Teams failure never prevents archiving or email from running. The Teams step runs in a new transaction to isolate its governor limits from the preceding HTTP callout action.
Notification cap: To protect against floods, RFLIB sends at most 20 Teams notifications per flow invocation by default. Override this with the
Max_Teams_Notifications_Per_InvocationGlobal Setting (rflib_Global_Setting__mdt). Events beyond the cap are skipped for that invocation.
- Verify the Named Credential name is exactly
RFLIB_TEAMS_WEBHOOK(case-sensitive). - Confirm Teams Log Level in Logger Settings is not
NONEand matches the severity of the events you are generating (remember the WARN floor). - Check the rflib_Application_Event__c object for records with
Event_Name__c = 'rflib-teams-log-event-failed'— these capture failure details including HTTP status codes and exception messages. - For Power Automate Workflows, confirm the flow is turned on in Power Automate and that its run history does not show authentication failures.
The webhook URL in the Named Credential may be incorrect or the webhook/workflow may have been deleted or disabled. Recreate the webhook in Teams and update the Named Credential URL.
Adaptive Cards in Teams have a 28 KB total payload limit. RFLIB caps each text block at 2,800 characters. Log messages are truncated from the beginning (not the end) so the exception at the tail is always visible, prefixing the block with [TRUNCATED]. Platform info is also truncated at 2,800 characters. This is expected behaviour for very verbose log events. Consider raising the General Log Level setting to reduce noise captured in events.
Raise the Teams Log Level threshold (e.g., from WARN to ERROR). You can also set a user- or profile-level override in Logger Settings to suppress Teams notifications for high-volume automated processes, or lower the Max_Teams_Notifications_Per_Invocation Global Setting.
- The webhook URL is a secret. Store it only in the Named Credential — never in Custom Settings, Apex code, or Custom Metadata.
- Restrict edit access to the Named Credential to System Administrators only.
- Log messages processed by RFLIB are subject to masking rules (
rflib_Masking_Rule__mdt) before the Platform Event is published, so sensitive data masked at the logger level will not appear in Teams. - Rotate the webhook URL periodically (recreate the Power Automate Workflow or connector) and update the Named Credential accordingly.
- Home - Start here for installation and learning path
- Getting Started with Logging - Start here
- Logger Settings - Configure your logging
- Getting Started with Feature Switches - Control features
- Getting Started with Application Events - Track business metrics
- Getting Started with Logging - Core logging guide
- Logger Settings - Detailed configuration
- Log Archive - Long-term storage
- Using Log Aggregation - Trend analysis
- Using the Log Timer - Performance tracking
- Masking Log Messages - Security & privacy
- Logging in OmniStudio - OmniStudio integration
- RFLIB CLI Plugin - Automation tools
- Ops Center Overview - Central monitoring hub
- Logging Dashboard - View and analyze logs
- Management Console - System administration
- Permissions Explorer - Security validation
- Application Event Dashboard - Business insights
- Getting Started with the Trigger Framework - Metadata-driven triggers
- Getting Started with Retryable Actions - Reliable async processing
- Getting Started with HTTP Mocking - Integration testing
- Node / LWR Logger - Server-side Node.js / LWR logging
- Salesforce Functions - Serverless compute (EOL — see Node / LWR Logger)
- Logging to AWS CloudWatch - Cloud monitoring
- Logging to Azure App Insights - Azure observability
- Logging to OpenTelemetry - OTLP/HTTP forwarding
- Logging to Slack - Slack integrations
- Logging to Microsoft Teams - Teams integrations
- Logging to Google Chat - Google Chat integrations
- Getting Started with Pharos - External analytics
- [Outbound Callouts including the T