Step 2. Create a scope and authorize the client application

Table of Contents



Under your Workspace SSO app registration in Microsoft Entra ID (previously called Azure AD), create a scope defined by this API and authorize the client application. 



Create a scope in Microsoft Entra ID

To create a scope defined by this API:

  1. In Azure, navigate to your Workspace SSO app registration in Microsoft Entra ID.
  2. Under Manage, select Expose an API.
  3. Select Add a scope.
    1. In the panel that opens, enter access_as_user as the scope name.
    2. In the Who can consent? box, enter Admins and users.
    3. Enter the details in the boxes for configuring the admin and user consent prompts with values that are appropriate for the access_as_user scope:
      • Admin consent display name: Teams can access the user’s profile.
      • Admin consent description: Teams can call the app’s web APIs as the current user.
      • User consent display name: Teams can access your profile and make requests on your behalf.
      • User consent description: Teams can call this app’s APIs with the same rights as you have.
    4. Ensure that State is set to Enabled.
  4. Select Add scope to save the details.



Authorize the client application

In the Authorized client applications section, identify the applications that you want to authorize for your app’s web application.

    1. Select Add a client application.
    2. Enter each of the following client IDs and select the authorized scope you created in the previous step:
      • 1fec8e78-bce4-4aaf-ab1b-5451cc387264 (for Teams mobile or desktop application).
      • 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 (for Teams web application).
    3. Select Add application.


Back to top

Proceed to step 3