Microsoft Teams community call - February 2020
•Download as PPTX, PDF•
0 likes•245 views
In this month's call, Loki Meyburg, Program Manager for Microsoft Teams discusses single sign-on (SS0) in Microsoft Teams, including: -What is single sign-on (SSO) -Authentication in 2019 -Single sign-on for Teams tabs today! -Getting starting with SSO Watch the recording here - https://youtu.be/91Sb5lz3STI
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Microsoft Teams community call - February 2020
Similar to Microsoft Teams community call - February 2020 (20)
More from Microsoft 365 Developer
More from Microsoft 365 Developer (20)
Recently uploaded
Recently uploaded (20)
Microsoft Teams community call - February 2020
- 1. Single Sign-On for Teams Tabs Loki Meyburg, Platform PM February 18, 2020 Microsoft Teams Developer community call
- 2. Call agenda
- 4. • Azure AD Single Sign-On support for Teams “tabs” • Sign-in your users with the same account they’re using in Teams • Users never have to sign-in again • Improved developer experience for building authentication
- 6. • We already support cookie-based authentication • We support “faux-SSO” with silent authentication (still cookie-based) • If an auth cookie has expired, we allow you to briefly surface an authentication pop-up to fetch a new valid cookie • Sample code available in our documentation • Doesn't work cross-device 😢 • Authentication is one of our biggest developer complaints Authentication in 2019
- 8. Skip signing-in to apps in TeamsEnd user Simpler development when it comes to authenticationDeveloper Protect user privacy and security through conditional access policiesIT Admin Common needs
- 9. Teams ♥ Azure AD Teams Tabs authentication can be built using Azure AD single-sign on Faster load times Easier development Works on desktop + mobile Conditional access policies apply
- 10. Consent once, and then be automatically signed in on any device any time you visit that tab. ⭐
- 12. • Register in AAD Portal • New app type should be "Accounts in any organizational directory and personal Microsoft accounts" • Get your App ID • Expose an API • api://fully-qualified-domain-name.com/$AppID$ • Add a scope • access_as_user • Authorize the Teams applications • Under "Authorized client's applications" allow the Teams app to request a token • Client ID: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 SSO – 1) AAD App Registration
- 13. • WebApplicationInfo- Add this property to your manifest • Id- The client ID of the application. This is an application ID that you obtain as part of registering the application with Azure AD. • Resource- The domain and subdomain of your application. This is the same URI (including theapi://protocol) that you used when registering the app in AAD. The domain part of this URI should match the domain, including any subdomains, used in the URLs in thesection of your Teams application manifest. SSO – 2) Teams Manifest "webApplicationInfo": { "id": "<application_GUID here>", "resource": "<web_API resource here>" }
- 14. • Here's what the authentication API looks like: var authTokenRequest = { successCallback: function(result) { console.log("Success: " + result); }, failureCallback: function(error) { console.log("Failure: " + error); }, }; microsoftTeams.authentication.getAuthToken(authTokenRequest); SSO – 3) Get an auth token using the SDK
- 17. Register an app with AAD
- 25. Update your Teams code
- 28. Constraints
- 29. 1. Only works with Azure Active Directory (ie: we don’t support Google auth, etc) 2. Your AAD app URI needs to match the domain name of your Teams tab (to verify you own the domain) 3. We do not support hosting from azurewebsites.net (yet) 4. We can only provide you “authentication” permissions 1. To get “authorization” for additional permissions, you must exchange the token using Azure Active Directory’s on-behalf-of flow. 5. Mobile is not supported (yet) Constraints
- 30. More about today’s topics: https://aka.ms/teams-sso https://aka.ms/teams-sso-sample https://myapplications.microsoft.com/
Editor's Notes
- Let’s talk the about common needs of the various people who interact with SharePoint Framework applications (aka web parts). The end user should be able to use their tools regardless of which collaboration software they’re using. Since every Team in Microsoft Teams is backed by an underlying SharePoint site, it becomes more and more important to the end user that their workflow tools are able to bridge seamlessly between one another. For example, when an end-user uses the “files” tab in Microsoft Teams, they’re actually interacting with the files stored in the SharePoint site without knowing the difference between one or the other. The same experience should be afforded to the end-user. The user should be able to use the same app across multiple Office products. Speaking of LoB, or line-of-business apps, the IT admin wishes to reduce the number of places and ways to manage and deploy solutions to their end users or internal employees. One of the challenges big IT organizations face is getting approval to deploy and run new internal applications and something that the SharePoint Framework does quite well is that it runs on SharePoint for free. Making it much easier to spin up and manage an application in what is usually an already IT-approved environment, such as SharePoint. In an Enterprise environment, it can always be tricky to get approval to host a new application: you need to get approval for the server costs, you have to make sure the data is in a secure As a developer, and especially as a developer who considers themselves a Microsoft developer, you want to code up your solution once and have it work across multiple Office products and workloads. One of the great things about SharePoint and Teams is that they’re both backed by a modern group and are accessible via the Graph so the developer concepts are very aligned. If you’re an Office 365 developer then you want to feel at home regardless of which Microsoft product you’re building an app or extension for. [next animation] So what does this mean for SharePoint and Teams? Let’s take a look at how SharePoint Framework and Teams can work seamlessly together. [next]
- On the left, you can see a fairly complex Lead Management SharePoint application exposed inside of Teams. I’ll show you a demo of this application in a second. Tabs are automatically hosted and executed in the context of SharePoint, yet they are also made aware of the fact that they are running inside of Teams. For example, you can get the channel name or theme of the Teams tab you’re running inside of and use that information to change or customize the look and feel of your SharePoint Framework webpart. Let’s talk about hosting because that’s an important one. Hosting a web part in SharePoint to be used in Teams does not cost you anything extra. In addition, SharePoint will host your application on their battle-tested global CDN. IT admins can rest easy knowing that any additional applications can be managed in one location through SharePoint making it easier to maintain. Finally, you can take advantage of all SharePoint framework capabilities in your Teams tab. With the use of lists, Graph and more you can create some really powerful end-to-end solutions.