Microsoft Teams with SSO
- Steinar Line
- August Heltne
- Mari Fuglem
- Elias Brattli Sørensen
This is a feature in Kantega SSO to support running the Atlassian products Confluence, Jira, Bamboo, and Bitbucket as apps in Microsoft Teams. Kantega SSO also gives you single sign-on using your user’s identity from Microsoft Entra ID.
If you are planning on running Microsoft Teams in browsers and not only as a standalone app, you will have to consider getting SameSite cookies to work for the Atlassian apps when loaded in the Teams app, because of issues with iframes and SameSite cookies.
This problem is explained here: https://jira.atlassian.com/browse/CONFSERVER-59298
Setup guide
The following steps are required to make Confluence, Jira, Bamboo, or Bitbucket run inside Teams and offer SSO. Parts of this guide is based on this guide from Microsoft Add SSO to Tab & Message Extension App - Teams.
No | Name | Description |
|---|---|---|
I | For Confluence only: Disable anti clickjacking protection as this is too strict to allow Confluence being added in a Teams app, and enable similar protection in Kantega SSO that allows for usage in Teams. | |
II | In Microsoft Entra ID: Either add the relevant Teams SSO configuration to existing OIDC client application or create a new Teams SSO client application. The latter is especially relevant if your current client application setup is using SAML. | |
III | Create a Teams app with the relevant URLs and values to allow SSO for your Atlassian product and publish this in your company’s Teams tenant. | |
IV | Turn on Teams SSO login in Kantega SSO and test your setup |