Permissions for a static Teams tab


If I am building a basic Teams tab that is just a static site with buttons for redirect, do I need to request any permissions? I'm looking at this: https://learn.microsoft.com/en-us/graph/permissions-reference and nothing seems relevant in the first iteration, but eventually I do want to add SSO and get User.Read access for personalization.

1 Reply

Hi @SadPython - Thanks for raising the query.

For a basic Teams tab that is static and only has redirection buttons, no permissions are needed initially. However, to add Single Sign-On (SSO) and User.Read access later, follow these steps:

  1. Configure API Permissions in Azure AD:
     • Open your registered app in the Azure portal.
     • Go to Manage > API permissions.
     • Click + Add a permission, select Microsoft Graph, choose Delegated permissions, find User.Read, and add it.
  2. Implement OAuth 2.0 On-Behalf-Of Flow:
     • This flow allows your app to get access tokens for Microsoft Graph on behalf of the user. Refer to the OAuth 2.0 On-Behalf-Of flow documentation for details.
  3. Token Cache Serialization:
  4. Use Microsoft Teams MSAL2 Provider:

These steps will help you add SSO and User.Read access to your Teams tab app. Always request permissions only when needed to ensure security. For more details, please refer to the documentation for app permissions and Microsoft Graph permissions.
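
The On-Behalf-Of exchange from step 2, as an added example that is not part of the original reply or Microsoft's sample code. It assumes a Node 18+ backend that receives the tab's SSO token (obtained client-side with the Teams SDK's `getAuthToken`); `SAMPLE_CFG`, `ALLOWED_SCOPES` and the function names are hypothetical, and the tenant, client ID and secret are constructed placeholders.

```javascript
// Server-side allowlist: the backend only ever exchanges for the scopes
// the app registration actually needs (here just delegated User.Read).
const ALLOWED_SCOPES = new Set(["https://graph.microsoft.com/User.Read"]);

// Constructed placeholder values; load real ones from a secret store.
const SAMPLE_CFG = {
  tenantId: "00000000-0000-0000-0000-000000000000",
  clientId: "11111111-1111-1111-1111-111111111111",
  clientSecret: "placeholder-secret",
};

// Accept the short form "User.Read" and expand it to the Graph resource form.
function normalizeScope(scope) {
  return scope.includes("://") ? scope : `https://graph.microsoft.com/${scope}`;
}

// Build the OBO token request without sending it, so it can be inspected.
function buildOboRequest(ssoToken, cfg, scopes = ["User.Read"]) {
  if (typeof ssoToken !== "string" || ssoToken.split(".").length !== 3) {
    throw new Error("SSO token is not a compact JWT");
  }
  const requested = scopes.map(normalizeScope);
  const denied = requested.filter((s) => !ALLOWED_SCOPES.has(s));
  if (denied.length > 0) {
    throw new Error(`scope not allowlisted: ${denied.join(", ")}`);
  }
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    assertion: ssoToken, // the token the tab sent, passed through unchanged
    scope: requested.join(" "),
    requested_token_use: "on_behalf_of",
  });
  const tenant = encodeURIComponent(cfg.tenantId);
  return { url: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`, body };
}

// Perform the exchange; the Graph token stays on the server.
async function exchangeForGraphToken(ssoToken, cfg) {
  const { url, body } = buildOboRequest(ssoToken, cfg);
  const res = await fetch(url, { method: "POST", body });
  const json = await res.json();
  if (!res.ok) {
    // Return the error code so the tab can fall back to a consent prompt.
    throw new Error(`OBO exchange failed: ${json.error}`);
  }
  return json.access_token;
}
```

The client secret and the resulting Graph token never reach the tab's JavaScript; the tab only sends its SSO token to the backend and receives the personalized data back.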