What is SSO with Microsoft Teams?

With Microsoft Teams SSO, teachers and students can sign in to an external product (like an app) with their user’s Microsoft Account. The app can then create an account for the user if this is their first time signing in (or match the user with an existing account).

Why Would Edtech Products Implement Microsoft Teams SSO?

Many schools that use Microsoft Teams are interested in vendors that offer content that can integrate with Microsoft 365 Education.  Third-party content that supports integrated functions, like SSO, can make life easier for teachers, students, and administrators. In fact, LMS integration is commonly requested in RFPs that are sent out to edtech vendors.

By implementing Microsoft Teams SSO, developers allow school admins to manage accounts and passwords through the school’s Microsoft Azure Active Directory rather than the edtech platform. By doing this, developers don't have to build or manage a database containing sensitive passwords. Since school admins are responsible for managing Microsoft AD passwords, developers won't receive as many support tickets from users.

Edtech products that implement Microsoft Teams SSO take the first step towards building deeper integrations. SSO is the beginning to enable products to sync course rosters, send grades to the gradebook, and perform a number of other tasks within Microsoft Teams. In fact, once a user signs in with Microsoft, developers can build upon almost any functionality.

Things to Know Before Implementing Microsoft Teams SSO

Microsoft Teams integration and SSO are configured through the Microsoft Graph API. Microsoft's API requires a Microsoft administrator to authorize a product’s access to its data.

Microsoft only supports OAuth 2.0 to authenticate users. This is a notable deviation from other major LMSs, which will typically offer some specification of integrating using the LTI standard in addition to their API.

With OAuth 2.0 integration, users start on a product and click a "Sign In With Microsoft" button. Microsoft then prompts the user for their username and password (if the user is not already logged into Microsoft). The edtech product never “sees” the password the user entered.

After the user signs into Microsoft, the user is redirected back to the product with a code that corresponds to the user’s account. After this code exchange, the product can ask Microsoft for more details about the user. The product can ask for user details such as:

  • name,
  • course enrollments, or
  • homework assignments.

SSO integration with the Microsoft Teams API is the first step to develop deeper integrations. Once Microsoft authenticates a user, a product can then perform functions in Teams on behalf of a user – like gathering a list of the user’s courses or sending grades back to the user’s gradebook.

School admins must approve the integrations to access the district's Microsoft Teams data. Once approved, the integrated product can access data in the school’s Microsoft Team environment, as well as enrollment data from Azure Active Directory.

What are some Microsoft Teams SSO challenges?

One of the biggest challenges of integrating with Microsoft Teams is its lack of support for the LTI standard. While most other major LMSs support some level of the LTI standard, Microsoft Teams does not. So LTI apps that must use the LTI standard to integrate have to be re-developed to communicate with the Microsoft Graph education API.

Also, many of the education APIs in Microsoft Graph are still in beta. This means that these APIs could change in the future.

Read More on Microsoft Teams

Here are other articles we’ve written on Microsoft Teams to help you on your integration journey:

If you're looking for a partner who can help guide you through developing LMS integrations (like these), then let’s introduce ourselves. We’re Edlink!