Forum Discussion

seydou's avatar
seydou
Copper Contributor
Apr 13, 2026

SSO for a Python Teams Bot (M365 Agents SDK + FastAPI) — Single-Tenant, Multi-Tenant, and UAMI

We're building, a Teams bot (Python / FastAPI) that uses the M365 Agents SDK (microsoft-agents-hosting-fastapi + microsoft-agents-authentication-msal, v0.8.0) with a CloudAdapter and MsalConnectionMa...
Administrator
developer
microsoft teams
Nivedipa-MSFT's avatar
Nivedipa-MSFT
Icon for Microsoft rankMicrosoft
Apr 14, 2026

Hello seydou -

Most likely cause: Your Azure AD app or Bot OAuth connection is set up for a single tenant instead of multi-tenant.

Key fixes:

  • App registration: Change supported account types to Multitenant
  • Bot OAuth connection: Set Tenant ID to common rather than a specific tenant ID
  • Token Exchange URL: Use api://botid-{your-bot-id}
  • MSAL authority in Python: https://login.microsoftonline.com/common
  • Authorized client apps under "Expose an API": Include Teams client IDs (1fec8e78-bce4-4aaf-ab1b-5451cc387264 and 5e3ce6c0-2b1f-4285-8d4b-75ee78787346)
  • External tenant admins may need to give consent using the admin consent URL
     

Quick test: If SSO works for users in the same tenant but not for external users, it's likely that the tenant ID is hardcoded instead of set to common.