Integrating Microsoft Entra ID (formerly known as Azure Active Directory) SSO and Security Groups with HyHyve to manage access and memberships in Teams is a common requirement in modern IT environments. Here’s an overview of the three most important options for managing HyHyve access via Microsoft Entra ID.
Single Sign-On (SSO)
1. What authentication method is used?
Question: What authentication method is used when installing the HyHyve App from the Teams App Store or the delivered Manifest?
Answer: Authentication is done through the OAuth 2.0 protocol. This process is called the “OAuth Consent Flow”. It allows HyHyve to access specific resources on behalf of users without requiring them to share their login credentials with HyHyve directly.
2. What is the OAuth Consent Flow?
Question: What does the OAuth Consent Flow mean, and how does it work?
Answer: The OAuth Consent Flow is the process by which users or administrators grant HyHyve the necessary permissions. HyHyve requests specific access rights, and the user and administrator must approve these permissions for HyHyve to access the requested resources.
3. What permissions does HyHyve require, and what are they used for?
Microsoft Graph permissions (Microsoft Graph overview - Microsoft Graph | Microsoft Learn):
- openid (Delegated): Enables user authentication, ensuring users can securely log into HyHyve.
- User.Read (Delegated): Enables HyHyve to read the user profile and show basic user information in HyHyve.
- email (Delegated): Allows HyHyve to access users' email addresses. This is used for identification purposes.
- OnlineMeetings.ReadWrite (Delegated): Allows HyHyve to read and create online meetings on behalf of users. This is used to create ad-hoc meetings and meeting areas in HyHyve.
- Presence.Read (Delegated): This gives HyHyve the ability to read a user's presence status (e.g., available, busy). It is used to show the user's status to other users in HyHyve.
- profile (Delegated): This allows HyHyve to access basic user profiles, such as names and contact information. It is used to transfer basic information to the HyHyve user profile.
- Notifications.ReadWrite.CreatedByApp (Delegated): This permission is needed to create and manage notifications generated by HyHyve. It is used to inform users about important events or updates.
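The list above is the full set of delegated scopes the app asks for, so a tenant administrator can audit a consent grant against it: anything missing explains a broken feature, and anything extra is over-privilege that should be investigated. The following is an added example (not HyHyve's or Microsoft's code) that performs that comparison offline. The grant records are constructed to mirror the shape of a Microsoft Graph oauth2PermissionGrant object (the `scope` field is a space-separated string, `consentType` is `AllPrincipals` for admin consent or `Principal` for a single user); in a real review they would be fetched from the tenant's `/oauth2PermissionGrants` endpoint, and the id values here are placeholders.

```python
# Least-privilege review of delegated Graph scopes granted to an app, checked against
# the scopes the page lists for HyHyve. Added example; the grant records are constructed
# and the client/resource/principal ids are placeholders, not real object ids.

REQUIRED_DELEGATED_SCOPES = frozenset({
    "openid",
    "User.Read",
    "email",
    "OnlineMeetings.ReadWrite",
    "Presence.Read",
    "profile",
    "Notifications.ReadWrite.CreatedByApp",
})

# Constructed sample: one tenant-wide admin consent plus one per-user grant that
# carries an extra scope the app does not need.
SAMPLE_GRANTS = [
    {
        "clientId": "<app-service-principal-id-placeholder>",
        "consentType": "AllPrincipals",
        "principalId": None,
        "resourceId": "<microsoft-graph-service-principal-id-placeholder>",
        "scope": " openid User.Read email OnlineMeetings.ReadWrite Presence.Read profile",
    },
    {
        "clientId": "<app-service-principal-id-placeholder>",
        "consentType": "Principal",
        "principalId": "<user-object-id-placeholder>",
        "resourceId": "<microsoft-graph-service-principal-id-placeholder>",
        "scope": "Notifications.ReadWrite.CreatedByApp Mail.Read",
    },
]


def parse_scopes(grant):
    """Split the space-separated scope string; Graph may pad it with spaces."""
    return set(grant.get("scope", "").split())


def review_grants(grants, required=REQUIRED_DELEGATED_SCOPES):
    """Compare granted delegated scopes with the required set.

    Returns a dict with:
      missing             - required scopes no grant covers (a feature will fail)
      excess              - granted scopes the app does not ask for (over-privilege)
      user_consented_only - scopes present only in per-user grants, i.e. not covered
                            by tenant-wide admin consent
    """
    tenant_wide, per_user = set(), set()
    for grant in grants:
        scopes = parse_scopes(grant)
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes
        else:
            per_user |= scopes
    granted = tenant_wide | per_user
    return {
        "missing": sorted(required - granted),
        "excess": sorted(granted - required),
        "user_consented_only": sorted(per_user - tenant_wide),
    }


if __name__ == "__main__":
    for key, value in review_grants(SAMPLE_GRANTS).items():
        print(f"{key}: {value}")
```

With the constructed grants, nothing is missing, `Mail.Read` is reported as excess (it is not in the page's list, so the grant should be reviewed), and both `Notifications.ReadWrite.CreatedByApp` and `Mail.Read` are flagged as consented by a single user rather than by admin consent.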
4. What additional permissions will be required in the future, and why?
Microsoft Graph App permissions: