Integrate with Azure Active Directory

In this article, we'll learn how to integrate apps created using Power Apps in Microsoft Teams with Azure Active Directory (Azure AD).

Integration with Azure AD gives your app access to information about your organization's hierarchy, its people, and its groups. For example, you can get information about a person, such as their job title, department, or photo. You can also get information about the user's organization hierarchy, such as their manager.

This integration can also be used to grant access to app functionality based on a user's role or group membership, and therefore to control access to sensitive data or functionality.

In this article, we'll create a Power Apps app that contains an administrative access button. The visibility of the button will depend on whether the user is a member of the admin group or not.

Prerequisites

To complete this lesson, we need the ability to create apps within Teams, which is available as part of select Microsoft 365 subscriptions. We'll also need access to Azure AD to create the admin group and assign members to it.

Sign in to Teams

Sign in to Teams using either the desktop app or the web app.

Create a new Team

In this section, we'll create a new team, and then create an app within that team. Skip this section if you already have a team that you want to use instead of creating a new one.

  1. To create a new team, select the Teams tab, and then select Join or create a team at the bottom left of the screen.

  2. Select Create Team > From Scratch > Public, give the team a name such as "Azure AD Integration", and select Create.

  3. (Optional) If you have any members in your organization that you'd like to add to the team for testing purposes, select them, and add them in the popup for adding members.

  4. Select Close.

The new team gets created, and is listed under the Teams tab.

Create a new Azure AD Group

  1. Sign in to the Azure portal with the same account that you used to sign in to Teams earlier.

  2. On the top search bar, search for and select Groups.

  3. Select + New Group.

  4. Set up the group with the following values:

    | Option | Value |
    | --- | --- |
    | Group type | Microsoft 365 |
    | Group name | Admin Access |
    | Group email address | Automatically updated |
    | Group description | Group for users with Admin access |

  5. Select Create.

  6. Copy the group's object ID from the group overview screen for use later.

Create a new app

We'll create an app with a button that will only show up if the user is a member of the Azure AD group we created above.

  1. Open the Teams app.

  2. Select Power Apps.

  3. Select + New app under Recent apps.

  4. Select the team created earlier, and then select Create.

  5. The app gets created, and the Power Apps Studio opens to allow editing the app.

  6. Enter a name for the app, such as "Integrate with Azure AD", and then select Save.

  7. Select Data > Add data.

  8. In the connectors list, search for Azure AD, and select it to add that as a connection.

  9. Select Connect.

  10. Sign in, and select Accept to connect.

  11. In the Tree view, select + New screen to add a new screen to the app.

  12. Select the + (Insert) icon on the left pane.

  13. Select Button.

  14. Set the "Text" property of the button to "Admin access".

  15. Select + (Insert) again, and then select the label control to add it.

  16. Update the label text to "Admin level: ".

  17. Select the app from the tree view, and open the OnStart property from the top-left of the screen.

  18. Enter the following formula for the app OnStart:

    If(
        !IsEmpty(
            AzureAD.CheckMemberGroups(
                User().Email,
                ["Enter your Azure group ID here"]
            ).Value
        ),
        Set(varAdmin,true),
        Set(varAdmin,false)
    )
    

    Note

    Replace the placeholder text in the formula with the object ID (GUID) of the group that you copied earlier.

  19. Select ... (ellipsis) next to the app, and then select Run OnStart.

  20. Select ... (ellipsis) next to Settings on the top ribbon, and select to view variables. varAdmin is set to False.

  21. Select Screen 2 from the Tree view, and update the Text formula for the label to "Admin level: " & varAdmin. The label will currently show as "Admin level: false" on the screen.

    We'll now control the visibility of the Admin access button so that it only shows up when the user is an admin (that is, belongs to the Admin Access group in Azure AD).

  22. Select the button, and set the Visible property to "varAdmin".

    The button doesn't show up anymore since we don't have admin access.
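
A fail-closed variant of the OnStart formula, with the membership check repeated when the button is pressed, as an added example that is not part of the original article. It assumes formula-level error handling (`IfError`) is available in the app; the all-zero GUID is a constructed placeholder and `scrAdminTools` is a hypothetical screen name.

```powerfx
// --- App.OnStart ---
// Deny by default: varAdmin becomes true only if the lookup succeeds
// and returns at least one of the requested group IDs.
Set(varAdmin, false);
Set(
    varAdmin,
    IfError(
        !IsEmpty(
            AzureAD.CheckMemberGroups(
                User().Email,
                // Constructed placeholder: use the object ID copied earlier.
                ["00000000-0000-0000-0000-000000000000"]
            ).Value
        ),
        false   // any connector error is treated as "not an admin"
    )
);

// --- "Admin access" button, OnSelect ---
// varAdmin was computed when the app started and can be stale, so the
// lookup is repeated before the privileged action runs.
Set(
    varAdmin,
    IfError(
        !IsEmpty(
            AzureAD.CheckMemberGroups(
                User().Email,
                ["00000000-0000-0000-0000-000000000000"]
            ).Value
        ),
        false
    )
);
If(
    varAdmin,
    Navigate(scrAdminTools),   // hypothetical screen name
    Notify("Admin access is required.", NotificationType.Error)
)
```

The Visible property only changes what the interface shows. Any data source behind the admin function needs its own permissions restricted to the same group.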

Testing the integration

  1. Sign in to the Azure portal.

  2. Select the group created earlier.

  3. Select Members under Manage from the left pane.

  4. Select + Add members to add members to the group.

  5. Select users from the list of users under Add members to add to the group.

  6. Select Select. Selected users get added to the group.

  7. Go back to Teams.

  8. Select Tree view.

  9. Select the app > Run OnStart.

The admin access button is now visible on Screen 2, and the label shows admin level as true since we're now members of the Admin access group.

See Azure AD integration in action

You can see an example of Azure AD integration in the Profile+ sample app template for Teams.

  • Office 365 Users connector is used to retrieve the user profile, including name, photo, manager, and other details.
  • Office 365 Groups connector is used to retrieve the people who report to a selected user.