Required Roles
| Role | Purpose |
|---|---|
| Global Administrator or Cloud Application Administrator | Create/configure the multitenant app registration and grant tenant-wide admin consent. |
| Teams Administrator | Upload the Teams app package and configure setup policies. |

Required Materials
| Material | Source |
|---|---|
| Callback URL / redirect URI value | Provided by Altoura per deployment model (SaaS or Customer Tenant). |
| Expose API configuration values (Application ID URI / scope pattern) | Provided by Altoura. |
| Teams app package (.zip file) | Generated and provided by Altoura after you share your tenant details. |

Tenant Requirements
| Requirement | Details |
|---|---|
| Microsoft 365 | Active tenant with Teams licenses for all participating users. |
| Azure Active Directory (Entra ID) | Your organization must have an Entra ID tenant. |
| Azure subscription | Required to deploy the Azure Communication Services (ACS) resource. |
| Teams Admin Center access | Needed to upload the app and configure setup policies. |
| Network access | HTTPS access to altouraremoteacs.azurewebsites.net (SaaS) or your custom Azure Web App URL (Customer Tenant deployment). |

Expose an API: Teams SSO Configuration
Teams SSO requires the multitenant app registration to expose an API (Application ID URI pattern api://<app-host>/<application-client-id>) with a delegated scope named access_as_user, and to pre-authorize client applications under Expose an API -> Add a client application.
The authorized client applications are added in two stages:
| When | Client application(s) added |
|---|---|
| Up front (during app registration setup) | Microsoft Teams clients: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 (desktop/mobile) and 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 (web) |
| After uploading the Teams app | The Altoura Remote Expert Teams app’s Object ID, copied from Teams Admin Center |
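
One way to verify this configuration after setup, as an added example (not Altoura's or Microsoft's code): the function below audits an application object in the shape Microsoft Graph returns it (identifierUris, api.oauth2PermissionScopes, api.preAuthorizedApplications). The sample appId, app host and scope id are constructed placeholders, and the check for unexpected pre-authorized clients is an added least-privilege check that the guide itself does not state.

```python
import re

# Microsoft Teams client IDs from the table above.
TEAMS_CLIENTS = {
    "1fec8e78-bce4-4aaf-ab1b-5451cc387264": "Teams desktop/mobile",
    "5e3ce6c0-2b1f-4285-8d4b-75ee78787346": "Teams web",
}

# Constructed sample: appId, app host and scope id are placeholders.
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000001",
    "identifierUris": ["api://app-host.example/00000000-0000-0000-0000-000000000001"],
    "api": {
        "oauth2PermissionScopes": [
            {"id": "00000000-0000-0000-0000-0000000000aa",
             "value": "access_as_user", "isEnabled": True}],
        "preAuthorizedApplications": [
            {"appId": cid, "delegatedPermissionIds": ["00000000-0000-0000-0000-0000000000aa"]}
            for cid in TEAMS_CLIENTS],
    },
}

def audit_expose_api(app, extra_clients=()):
    """Return findings for one Graph application object (dict); [] means it matches."""
    findings = []
    app_id = app.get("appId", "")
    uri_ok = re.compile(r"^api://[^/\s]+/" + re.escape(app_id) + r"$", re.I)
    if not app_id or not any(uri_ok.match(u) for u in app.get("identifierUris", [])):
        findings.append("Application ID URI does not match api://<app-host>/<application-client-id>")
    api = app.get("api") or {}
    scope = next((s for s in api.get("oauth2PermissionScopes", [])
                  if s.get("value") == "access_as_user"), None)
    if scope is None:
        return findings + ["scope access_as_user is missing"]
    if not scope.get("isEnabled", False):
        findings.append("scope access_as_user is disabled")
    granted = {p.get("appId", "").lower(): set(p.get("delegatedPermissionIds", []))
               for p in api.get("preAuthorizedApplications", [])}
    expected = dict(TEAMS_CLIENTS)
    expected.update({c.lower(): "second-stage client" for c in extra_clients})
    for client_id, label in expected.items():
        if scope["id"] not in granted.get(client_id, set()):
            findings.append(f"{label} ({client_id}) is not pre-authorized for access_as_user")
    # Added least-privilege check: clients beyond the ones the guide lists.
    for client_id in sorted(set(granted) - set(expected)):
        findings.append(f"unexpected pre-authorized client {client_id}")
    return findings

if __name__ == "__main__":
    print(audit_expose_api(SAMPLE_APP) or "Expose an API configuration matches")
```

Once the second-stage ID has been added, pass it in extra_clients so it is both required and not reported as unexpected.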

