Can I use Teams SSO to authenticate users into my main app?
I have an app I want to embed as a tab in MS Teams. Users may already have an account outside of Teams, and I typically use a magic login link to log users in. I want to know if I can leverage Teams tab SSO to log users into their existing account. So my idea is:
1. User has an account with my app already. It is associated with their organization email.
2. They access my app in Teams and grant permissions necessary, my app gets an auth token and validates it.
3. If that is successful, I find the user’s account associated with their email and log them in with a magic login link.
I’m wondering if this is a valid use case for Teams tab SSO? Is it enough to trust that the validated token means the user is good and can be logged in? I know typically there is a “sign in with Microsoft” IdP option but that is a larger lift. Was wondering if there are big security red flags here. I want to make sure that when a token is validated I can link a user from MS Teams to their account in main app via email and log them in.
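One way to implement the validate-then-link step described in the question, as an added example that is not part of the original post. It assumes a JWT library has already verified the token signature and that the tab receives a v2.0 token; `link_teams_user`, `ACCOUNTS`, the GUIDs and the domains are hypothetical, constructed values.

```python
import time

# Assumptions (not from the post): a JWT library has already verified the
# token signature against Microsoft's published keys; `claims` is the decoded
# payload of a v2.0 token. All GUIDs, domains and accounts are constructed.
APP_CLIENT_ID = "00000000-0000-0000-0000-0000000000aa"
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
ACCEPTED_AUDIENCES = {APP_CLIENT_ID, f"api://tab.example.com/{APP_CLIENT_ID}"}

# Existing app accounts keyed by email. "tenant" is the directory the customer
# organization registered; "oid" is pinned the first time Teams SSO links.
ACCOUNTS = {"alice@contoso.example": {"tenant": TENANT_A, "oid": None}}


class LinkError(Exception):
    """Token is well-formed but must not be mapped to a local account."""


def link_teams_user(claims, accounts=ACCOUNTS, now=None):
    """Return the local account key for these claims, or raise LinkError."""
    now = time.time() if now is None else now
    if claims.get("aud") not in ACCEPTED_AUDIENCES:
        raise LinkError("token was issued for a different application")
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        raise LinkError("tid/oid claims missing")
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise LinkError("issuer does not match the tenant claim")
    if claims.get("exp", 0) <= now:
        raise LinkError("token expired")
    # The email-like claim is only a lookup hint: it is mutable and set by the
    # presenting tenant's directory, so it is checked against tid and oid.
    email = (claims.get("preferred_username") or "").lower()
    account = accounts.get(email)
    if account is None:
        raise LinkError("no existing account for this address")
    if account["tenant"] != tid:
        raise LinkError("address presented by an unexpected tenant")
    if account["oid"] is None:
        account["oid"] = oid          # first link: pin the immutable object id
    elif account["oid"] != oid:
        raise LinkError("address now belongs to a different directory object")
    return email
```

On success the app issues its own session for the returned account rather than reusing the Teams token as a session credential.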