I need help completing SSO integration for a Microsoft Teams bot that uses User-Assigned Managed Identity (UAMI) instead of a traditional App Registration client secret/certificate.
What I have done so far
Created a Teams bot whose bot identity = User Assigned Managed Identity
Connected the bot to Teams using the manifest file
Deployed backend (Python, Agent SDK, Microsoft Agent Framework) to Azure App Service
Since client secrets & certificates are not allowed in my tenant, I created an Azure App Registration only for SSO
Under Authentication → added Federated Credentials
Configured OAuth Connection in Azure Bot Channel Registration → Test Connection works, token is issued successfully
Everything works until this point.
Where I am stuck
How do I integrate the OAuth SSO token into my Python backend (Agent SDK + Bot Framework)?
Since I am not using a traditional App Registration for the bot, I’m not sure how to integrate the federated-credential–based OAuth flow inside the bot logic.
Is there any Python sample/repo where federated credentials + Teams SSO + Agent SDK have been implemented?
How should the bot verify the token and request Graph API on behalf of the user?
Do I need to expose an API in the App Registration?
My tenant raises a security alert if any API is exposed.
Is it possible to complete SSO without exposing API permissions in the App Registration?
Do I need to modify the Teams Manifest?
I’m unsure if something must be added to enable SSO with federated credentials, such as:
webApplicationInfo.resource
webApplicationInfo.id
or any additional SSO-related entries for bots
Currently my manifest only contains basic bot configuration.
What I need clarity on
Correct backend implementation pattern for federated credentials SSO with Python Agent SDK
Whether API permissions are mandatory
Required manifest changes (if any)
Any official documentation, GitHub samples, or guidance would be extremely helpful. Thanks in advance.