
SSO integration in Teams


Hi all,

As stated here, "SSO is only supported on the live website publication channel."

Does a roadmap exist for SSO integration in the other channels, especially in Teams?

When can we expect new releases?

 

Thanks,

Alessandro.

 

  • Re: SSO integration in Teams

    This is the default behavior and will prompt you for login just the first time in Teams. After that the credentials will be cached in Teams and there is no need to log in again. You will not be able to change this behavior within Teams. In my case I had the bot deployed to a web page and hence the custom code uses MSAL to avoid this login prompt.

    nk1ng 71 on at
    Re: SSO integration in Teams

    @Anonymous, I broke my test bot trying to integrate SSO in Teams currently lol. However, basically I am just trying to get rid of that OTP altogether, but I want to have the option for the bot to communicate on behalf of the user.

     

    Here is the test bot on powerva (need to change something on that for Teams, when I published to Teams it quit listening):

    nk1ng_0-1632832643266.png

     

     

     

  • Re: SSO integration in Teams

    @nk1ng All the steps that are mentioned in this thread are for custom web pages and not Teams. For Teams it is out of the box. You do not need to do anything with Teams. Not even SSO configuration. Teams will prompt for the login once and it will be stored in the Teams cache until you clear the cache. Not sure what error you are getting when you try to deploy the bot to Teams. Can you share a screenshot?

     

    nk1ng 71 on at
    Re: SSO integration in Teams

    Basically, @Anonymous, do I need to start over with a new VB/ngrok bot, or is it possible to use SSO on Teams without custom code and just use my PowerVA bot?

    nk1ng 71 on at
    Re: SSO integration in Teams

    Just in Teams, @Anonymous.  I don't need the web side of it, still need to write custom code for SSO?

    Also trying to walk through youtubes on that but it's always using ngrok/vb and always using Multitenant..

    nk1ng_1-1632759741771.png

     

    Need to change that too?

     

  • Re: SSO integration in Teams

    @nk1ng I understand that. Where are you hosting your bot - in Teams or in a web page? If it is an external web page then every time you open the page the bot will prompt you for login and password. If you want to avoid that then you will have to write custom code.

    nk1ng 71 on at
    Re: SSO integration in Teams

    Also I am not using ngrok/VB code, my bot is straight PowerVA. I am struggling with that, I don't have any "code" to modify? Does that make a difference?

    nk1ng 71 on at
    Re: SSO integration in Teams

    So on this tutorial:  https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso-teams

    nk1ng_0-1632754222118.png

     

    Where is the second client ID?  I am just trying to set up SSO on Teams not the web, I still need the second client?

     

     

  • Re: SSO integration in Teams

    It is not a custom logon card. The Direct Line API requires a user to communicate with the bot. The MSAL code that I mentioned checks for any token and, if there is none, tries to get a new user token. If the page hosting the bot is in M365 then the single sign-on will be seamless without any login prompt. If not, then the user will be prompted to type in user name and password. In my case I was hosting this bot within an SP Online page and hence the MSAL login was seamless. The login card is provided internally by Azure AD and there is no need to build any card for that.

     

    // Fragment: activity, token, userID, userEmailAddress, next and action
    // come from the enclosing scope of the page's custom code.
    directLine.postActivity({
        type: 'invoke',
        name: 'signin/tokenExchange',
        value: {
            id: activity.attachments[0].content.tokenExchangeResource.id,
            connectionName: activity.attachments[0].content.connectionName,
            token,
        },
        from: {
            id: userID,
            name: userEmailAddress,
            role: 'user'
        }
    }).subscribe(
        id => {
            if (id === 'retry') {
                // bot was not able to handle the invoke; reload the page
                // instead of displaying the oauthCard
                document.location.reload();
                // return next(action);
            }
            // else: token exchange successful and we do not display the oauthCard
        },
        error => {
            debugger; // breakpoint left in for debugging
            // an error occurred, so display the oauthCard
            return next(action);
        }
    );

    In this code, the userID used in the "from" parameter is the Azure AD user ID.

     

    Hope this helps
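
The check-then-exchange flow described in the reply above, as an added example that is not part of the original post: it locates the OAuthCard without assuming it is `attachments[0]`, and only builds the `signin/tokenExchange` invoke when the token's audience and expiry pass a client-side sanity check. `expectedAudience`, the `user` object shape and all sample values are assumptions; the returned object is what would be handed to `directLine.postActivity`.

```javascript
// Added example, not code from the thread. All sample values are constructed.
const OAUTH_CARD = 'application/vnd.microsoft.card.oauth';

// Return the OAuthCard content if the activity offers token exchange, else null.
// Searches every attachment instead of assuming the card is attachments[0].
function findTokenExchangeCard(activity) {
  const attachments = (activity && activity.attachments) || [];
  const card = attachments.find(a => a && a.contentType === OAUTH_CARD);
  const content = card && card.content;
  return content && content.tokenExchangeResource ? content : null;
}

// Decode (not verify) the JWT payload; this is a client-side sanity check only.
// Buffer is Node.js; in a browser, decode with atob() instead.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Build the invoke activity, or return null to fall back to the normal sign-in card.
// expectedAudience is an assumed, caller-supplied value (the API the token is for).
function buildTokenExchangeInvoke(activity, token, user, expectedAudience, now = Date.now() / 1000) {
  const card = findTokenExchangeCard(activity);
  if (!card) return null;
  let claims;
  try { claims = decodeJwtPayload(token); } catch (e) { return null; }
  if (!claims || claims.aud !== expectedAudience || !(claims.exp > now)) return null;
  return {
    type: 'invoke',
    name: 'signin/tokenExchange',
    value: { id: card.tokenExchangeResource.id, connectionName: card.connectionName, token },
    from: { id: user.id, name: user.email, role: 'user' },
  };
}

// Constructed sample data (unsigned token, placeholder names).
const b64url = o => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = [b64url({ alg: 'none' }),
  b64url({ aud: 'api://example-app', exp: 2000000000 }), 'sig'].join('.');
const sampleActivity = { type: 'message', attachments: [{ contentType: OAUTH_CARD,
  content: { connectionName: 'example-connection',
    tokenExchangeResource: { id: 'example-resource-id' } } }] };
const sampleUser = { id: 'example-aad-object-id', email: 'user@example.com' };
```
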

    nk1ng 71 on at
    Re: SSO integration in Teams

    So I need to build a custom logon card and publish it somewhere for SSO in Teams to work; without that it won't work, correct?

    -n
