What is SSO?

SSO - or single sign-on - is a method of allowing users to sign into different applications or websites using one set of credentials. With Microsoft Teams SSO, teachers and students can sign into an external app using their Microsoft Account. The app can then create an account for the user if this is their first time signing in or match the user with an existing account.

Why Would Your Application Implement Microsoft Teams SSO?

Many schools that use Microsoft Teams are interested in vendors that offer content that can integrate with Microsoft 365 Education.  Third-party content that supports integrated functions, like SSO, can make life easier for teachers, students, and administrators. In fact, LMS integration is commonly requested in RFPs that are sent out to edtech vendors.

By implementing Microsoft Teams SSO, you allow admins at the schools you work with to manage accounts and passwords through Microsoft Azure Active Directory rather than your platform. This means you don't have to build or manage a database containing sensitive passwords. Since tech admins are responsible for managing Microsoft AD passwords, you won't receive as many support tickets from teachers and students who are having trouble figuring out how to sign in.

Implementing Microsoft Teams SSO for your platform is the first step towards building deeper integrations. It enables your application to sync course rosters, send grades to the gradebook, and perform a number of other tasks within Microsoft Teams. In fact, once a user is signed in with Microsoft, you can build upon almost any functionality that their account can access.‌

What to Know When Getting Started With Implementing Microsoft Teams SSO

Microsoft Teams integration and Microsoft single sign-on are configured through the Microsoft Graph API. Microsoft's API requires a Microsoft administrator to authorize an application's access to their data.

Microsoft only supports OAuth 2.0 to authenticate users. This is a notable deviation from other major learning management systems, which will typically offer some version of LTI® integration in addition to their API.

With OAuth 2.0 integration, users start on your website or mobile app and click a "Sign In With Microsoft" button. Microsoft will then prompt the user for their username and password (if they are not already logged into Microsoft). Your app, itself, never sees the password the user entered.

After the user has signed into Microsoft, they are redirected back to your website with a code that corresponds to their account. After exchanging this code, your website or app can ask Microsoft  for more details about the user, such as their name, their course enrollments, or their homework assignments.

Building an SSO integration with the Microsoft Teams API is also the first step to developing deeper integrations. Once a user is authenticated by Microsoft, an app then has the ability to perform functions in Teams on behalf of a user, like gathering a list of their courses or sending grades back to their gradebook.

It is important to note that the administrator of the district must approve the integration in order to access that district's Microsoft Teams data. Once approved, the integration application can access data in the school’s Microsoft Team’s environment, as well as enrollment data from Azure Active Directory.

What are the challenges of SSO for Microsoft teams?

One of the biggest challenges of integrating with Microsoft Teams is its lack of support for LTI. While most other major learning management systems support some level of LTI, Microsoft Teams does not. This means that any app developed for LTI has to be reworked to communicate with the Microsoft Graph education API.

Also, many of the education APIs in Microsoft Graph are still in beta. This means that these APIs could change in the future.

Read More on Microsoft Teams

Here are other articles we’ve written on Microsoft Teams to help you on your integration journey:

If you're looking for a partner who can help guide you through developing LMS integrations (like these), then let’s introduce ourselves. We’re Edlink!