Overview
For some companies, access to Office 365 / Microsoft Teams resources is restricted. If you can’t login from Jira or Microsoft Teams, your Office 365 administrator might need to consent to the app for you.
In case you are interested in the exact permissions and why we need them, please check out this dedicated permissions article.
Approving access for all users
To approve access for the app for all users, please send your Office 365 administrator the following link.
https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=c5369158-6b37-4ba6-935d-a5c29f6e0d7f&state=no&redirect_uri=https://atlassianconnect.yasoon.com/views/login-success.html&scope=https://graph.microsoft.com/.default
Your admin will see the following screen, where the permissions can be confirmed. Please note, that despite what the screen says in the subtext, we won’t get access to all user resources after approving this. Before we can get access to any Microsoft Teams data, the users will need to log in with their own account as well from Jira.
Approving access for a limited set of users
In case you only want to approve the access for a limited set of users, e.g. you already have a dedicated AzureAD group for Jira users, please follow the steps below.
Usually, when approving the app for the first time, it’ll create a “service principal / enterprise application” in your AzureAD tenant. You can check if you already have an enterprise app by checking this page (search for Teams):
https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/
If you don’t have an entry for our Teams app yet, you’ll need to use Powershell to create it manually.
# Install Powershell module for Azure (if you don't have it yet) Install-Module AzureAD # Connect to Azure interactively Connect-AzureAD -Confirm # Create the new service principal New-AzureADServicePrincipal -AppId c5369158-6b37-4ba6-935d-a5c29f6e0d7f -Tags {WindowsAzureActiveDirectoryIntegratedApp}
Afterwards, you should be able to find the enterprise app in the UI linked above, where you can restrict the application to certain users or groups.