August 5th, 2020

Let your users skip sign-in with Single Sign-On support for Microsoft Teams tabs

One of the first experiences your users have with your app that can be a make-or-break moment isn’t the app functionality itself, but rather their sign-on experience. Users today expect a frictionless sign-on experience across devices – where they don’t have to repeatedly enter their username and password each time they open the app.

We’ve heard your feedback and have made some great enhancements in this area – that’s why we’re excited to announce that Teams tabs support single sign-on (SSO) with Azure Active Directory (AD)! Developers can now build their apps to sign-in their users using the same account they are using to sign into Microsoft Teams — giving users a more enjoyable and frustration-free sign-on experience.

No more signing-in! Just consent once and you’ll be signed-in everywhere you use Teams both desktop and mobile

Benefits of Single Sign-On

Our new API comes with a host of improvements to both app developers and end-users. The biggest improvement is removing the sign-in experience entirely on any device, even on your phone. This makes accessing your favorite apps in Teams a seamless out-of-the-box experience. Building authentication for your app can be one of the trickiest pieces to get right. Developers should have an easier time building authentication into their application with the new single sign-on API since we handle a lot of the heavy-lifting for them.

In summary, some of the benefits you should expect as user:

  • Less friction when using an app in Microsoft Teams
  • Skip the sign-in step
  • You only have to consent to authentication permissions once
  • Faster load times

Benefits for developers:

  • Your users are more likely to use and return to your app
  • Easier developer experience when building Azure AD authentication for your Teams tabs
  • Works in Task Module dialogs too

Benefits for tenant admins:

  • Supports Azure AD conditional access for better security
  • You can pre-consent an app on behalf of the organization so your users can start using the app right away

Developer Steps

To support single sign-on in your app, you need to

  1. Register your app in the Azure AD app registration portal
  2. Update your Teams manifest with the properties you configured in Azure AD
  3. Call the new SSO API using our SDK and we will return you a valid access token for the current user

For further information on how to get started, check out our developer documentation that will guide you through the process.

Happy coding!

Loki Meyburg – Senior Program Manager, Microsoft Teams

Topics
SSO