Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,194 questions
How to use an external IDP but still be able to use Graph API calls to send Teams notifications to usesrs in multiple tenants
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 49%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENW%3C/text%3E%3C/svg%3E)
Nadeera Weerasinghe
0
Reputation points
Hi All, I'm a developer who is fairly new to using Azure AD. I'm researching on a possible solution to the following business use case.
We have an existing LMS web app that uses an external Identity provider which supports OAuth 2.0. We want to extend the login capability of this web app to a Single Sign On experience using Microsoft because some of our end users also belong to MS Azure ADs. We do not have any Personal Microsoft account users.
We also are planning to build new functionality in to this web app so a logged in Microsoft user is able to push notifications to MS Teams Classrooms which he/she is part of. The way I imagined this need to be achieved through Graph APIs but I'm not clear how to get authenticated in order to use it.
I'm a bit overwhelmed by the documentation around this and not sure what is the best way to build this solution.
It would be great if someone can provide me some advice.
As a starting point I'm thinking of creating an Azure subscription that includes the App Registration to our LMS and an Identity to our IDP and create a sign-in flow that will be called. But I'm not quite sure how this can cater the second requirement related to MS Teams need to be handled.
Any help/suggestion would be greatly appreciated. Let me know if I need to provide more information.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 29,676 Reputation points Microsoft Employee2024-05-28T08:18:09.2933333+00:00 @Nadeera Weerasinghe Thank you for reaching out to us, to achieve your use case, you can use Entra ID/Azure AD as the identity provider for your LMS web app and use Microsoft Graph API to push notifications to Microsoft Teams classrooms. Here are the general steps you can follow:
- Register your LMS web app with Azure AD: In the Azure portal, create a new App Registration for your LMS web app and configure it to use Azure AD as the identity provider. You will need to configure the appropriate redirect URIs and permissions for your app.
- Implement the sign-in flow: Implement the sign-in flow in your LMS web app to allow users to sign in using their Azure AD credentials. You can use the Microsoft Authentication Library (MSAL) to implement the sign-in flow.
- Obtain an access token for Microsoft Graph API: Once the user is authenticated, you can obtain an access token for Microsoft Graph API using the MSAL library. You will need to configure the appropriate permissions for your app to access Microsoft Graph API.
- Use Microsoft Graph API to push notifications to Microsoft Teams classrooms: Once you have obtained an access token for Microsoft Graph API, you can use the API to push notifications to Microsoft Teams classrooms. You can use the Microsoft Graph API's
POST /teams/{id}/channels/{id}/messagesendpoint to send messages to a specific channel in a Microsoft Teams classroom.
By following these steps, you can use Azure AD as the identity provider for your LMS web app and use Microsoft Graph API to push notifications to Microsoft Teams classrooms.
We have a sample as well to authenticate and call Graph API - https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect
Let me know if you have any further questions, feel free to post back.
Sign in to comment