SSO in Azure doesn't work for the test users from the free Microsoft 365 Developer Program

hi olacaminan​ check below

Grant “Admin Consent” at the tenant level

Your application (SAP BTP Enterprise Application + Teams app registration) has API permissions that your test users cannot consent to.

Go to:

Azure Portal → Entra ID → Enterprise Applications → Your SAP BTP App → Permissions

Click:

Grant admin consent for <your tenant>

This is the #1 cause of SSO failing for test users.

---

Make sure test users have the Enterprise App assigned

Go to:

Azure Portal → Entra ID → Enterprise Applications → SAP BTP App → Users and Groups

Even if roles look “same”, check:

User assigned to the app

Correct role (if the app defines appRoles)

Developer tenants sometimes don’t pick up assignments unless you:

Remove the user

Re-add the user

Wait 15 minutes or force token refresh

---

Check Conditional Access

Developer tenants sometimes enable:

Baseline policies

MFA is required

Block legacy authentication

Make sure no CA policy forces extra authentication for test users.

SSO flows break if CA blocks token issuance.

---

Check BTP trust configuration

Your main admin account trusts your Entra ID tenant by default.

Test users must also exist in the SAP BTP subaccount or trust configuration:

User synchronized (if using IAS or Azure AD)

Correct BTP role collections assigned

If test users have no BTP role assignments → SSO fails.

--

Test with a fresh token

Have the test user run:

https://login.microsoftonline.com/logout

Then log in again and retry the Teams SSO feature.