Microsoft Teams supports OAuth-based authentication using Microsoft Entra ID, formerly known as Azure Active Directory (Azure AD). You must register a custom OAuth application in the Entra Admin center when connecting via web applications or when your organization requires custom branding, redirect URIs, or advanced credential management.

CData embeds OAuth Application Credentials with CData branding that can be used when connecting to Microsoft Teams via a desktop application or a headless machine. However, for greater control and security, you may register your own custom application in Microsoft Entra ID.

Custom OAuth applications are also compatible with desktop and headless authentication flows, and may be preferable for production deployments or environments requiring strict policy control.

Note: Microsoft has rebranded Azure AD as Entra ID. In topics that require the user to interact with the Entra ID Admin site, we use the same names Microsoft does. However, there are still CData connection properties whose names or values reference "Azure AD".

Registering the Application

To register an OAuth application in Microsoft Entra ID, follow these steps:

1. Go to https://portal.azure.com.
2. In the left-hand navigation pane, select Microsoft Entra ID > App registrations.
3. Click New registration.
4. Enter a name for the application.
5. Specify the types of accounts this application should support:
   • For private-use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note: If you select Accounts in this organizational directory only, when you connect with CData MCP Server for Microsoft Teams, you must set AzureTenant to the tenant's ID (either GUID or verified domain). Otherwise, authentication will fail.

6. Set the redirect URI to http://localhost:33333 (default), or use another URI appropriate for your deployment. When using a custom redirect URI set a CallbackURL connection property; in those cases, set it to match this URI exactly.
7. Click Register. The application management screen opens. Record these values for later use:
   • Application (client) ID is used for OAuthClientId
   • Directory (tenant) ID is used for AzureTenant
8. Go to Certificates & Secrets. Click New Client Secret, set the desired expiration, and save the generated value. This value will only be shown once — record it to use with OAuthClientSecret.
9. Select Required Permissions and then click Add. Under Select an API, select the Microsoft Graph and specifically select the Group.ReadWrite.All, AppCatalog.ReadWrite.All, and User.Read.All permissions.
10. Click Add permissions to confirm.

Microsoft Teams supports OAuth-based authentication using Microsoft Entra ID, formerly known as Azure Active Directory (Azure AD). You must register a custom OAuth application in the Entra Admin center when connecting via web applications or when your organization requires custom branding, redirect URIs, or advanced credential management.

CData embeds OAuth Application Credentials with CData branding that can be used when connecting to Microsoft Teams via a desktop application or a headless machine. However, for greater control and security, you may register your own custom application in Microsoft Entra ID.

Custom OAuth applications are also compatible with desktop and headless authentication flows, and may be preferable for production deployments or environments requiring strict policy control.

Note: Microsoft has rebranded Azure AD as Entra ID. In topics that require the user to interact with the Entra ID Admin site, we use the same names Microsoft does. However, there are still CData connection properties whose names or values reference "Azure AD".

Registering the Application

To register an OAuth application in Microsoft Entra ID, follow these steps:

1. Go to https://portal.azure.com.
2. In the left-hand navigation pane, select Microsoft Entra ID > App registrations.
3. Click New registration.
4. Enter a name for the application.
5. Specify the types of accounts this application should support:
   • For private-use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note: If you select Accounts in this organizational directory only, when you connect with CData MCP Server for Microsoft Teams, you must set AzureTenant to the tenant's ID (either GUID or verified domain). Otherwise, authentication will fail.

6. Set the redirect URI to http://localhost:33333 (default), or use another URI appropriate for your deployment. When using a custom redirect URI set a CallbackURL connection property; in those cases, set it to match this URI exactly.
7. Click Register. The application management screen opens. Record these values for later use:
   • Application (client) ID is used for OAuthClientId
   • Directory (tenant) ID is used for AzureTenant
8. Go to Certificates & Secrets. Click New Client Secret, set the desired expiration, and save the generated value. This value will only be shown once — record it to use with OAuthClientSecret.
9. Select Required Permissions and then click Add. Under Select an API, select the Microsoft Graph and specifically select the Group.ReadWrite.All, AppCatalog.ReadWrite.All, and User.Read.All permissions.
10. Click Add permissions to confirm.