Understanding Azure AD Single Sign-on for Microsoft Teams apps

Bob German

If you want to understand the sometimes-complex topic of Single Sign-on (SSO), keep reading this blog and check out our corresponding video. Both are a starting point for developers who want to build Microsoft Teams apps and need to understand SSO with Azure Active Directory, the authentication system used by Microsoft Teams.

What is SSO and why do you need it?

There is no single definition for SSO, which is part of the confusion. This is true even within Microsoft. Here, we explain and demonstrate the SSO approaches used in the Microsoft Commercial Marketplace (app store) and within an app running in Microsoft Teams to help you get started building SSO for your Teams application.

There are good reasons to include Azure AD SSO in your Microsoft Teams app:

  • It’s easier for users, who would otherwise need to juggle a separate account for your app in addition to the one they use to log into Teams itself.
  • It’s easier for team owners and administrators, who would otherwise need to ensure all users have the extra login and manually set permissions when team members change, for example.
  • It’s required to monetize your application in the Microsoft Teams store.
  • It’s required for the Microsoft App Compliance Program, which helps Microsoft customers select trustworthy applications.

This video walks you through the concepts you need to understand SSO for building and troubleshooting applications. Topics covered include:

  • What is SSO and why is it important?
  • Microsoft 365 tenants and Azure AD
  • Azure AD app registration, resources and scopes
  • Four common confusions: Azure AD and similarly named products, Microsoft 365 and Azure tenants vs. subscriptions, different terms that mean the same thing, and the different kinds of permissions
  • OAuth 2.0 protocols with Azure AD
  • Single page applications with Azure AD, similar to how a monetized Teams store app’s landing page handles authentication
  • Teams tab with pop-up authentication
  • Teams tab with Teams SSO (the preferred method)
  • Teams tab with SharePoint Framework
  • Teams bot with Azure AD auth
  • Troubleshooting tips

Check out the video and leave comments if you have additional questions or requests for other video topics!

Happy coding!