Forum Discussion
SSO in Azure doesn't work for the test users from the free Microsoft 365 Developer Program
Hi, I have made an integration of SAP S/4HANA Public Cloud with Microsoft MS Teams functionalities: share as a Tab and share a Card. When the link is sent from the main account, which I used while configurating the Microsoft 365 Developer Program, SSO with SAP BTP works correctly. If I am logged with some of the test accounts, the SSO doesn't work. The roles in Azure are the same, the Application CIS was also assigned to all the users. Other then that everything works fine. Could you please help with that?
3 Replies
- Allen
Community Manager
Welcome to the Microsoft Tech Community Community Lounge, this board is to discuss issues relating to the Microsoft Tech Community.
Your Query appears to be about Microsoft Entra, which can be found here: Microsoft Entra | Microsoft Community Hub, unfortunately we can not assist you with this query so we will move it to the appropriate community.
Please Note: The Microsoft Tech Community is not an official support channel for Microsoft, if you require support then please either contact your account manager, if applicable, or Microsoft Support via https://support.microsoft.com.
Kind regards
Allen Smith
Technical Lead
Microsoft Tech Community Admin TeamIf my answer was helpful please mark it as the solution and like any other replies that you find helpful
hi olacaminan check below
Grant “Admin Consent” at the tenant level
Your application (SAP BTP Enterprise Application + Teams app registration) has API permissions that your test users cannot consent to.
Go to:
Azure Portal → Entra ID → Enterprise Applications → Your SAP BTP App → Permissions
Click:
Grant admin consent for <your tenant>
This is the #1 cause of SSO failing for test users.
---
Make sure test users have the Enterprise App assigned
Go to:
Azure Portal → Entra ID → Enterprise Applications → SAP BTP App → Users and Groups
Even if roles look “same”, check:
User assigned to the app
Correct role (if the app defines appRoles)
Developer tenants sometimes don’t pick up assignments unless you:
Remove the user
Re-add the user
Wait 15 minutes or force token refresh
---
Check Conditional Access
Developer tenants sometimes enable:
Baseline policies
MFA is required
Block legacy authentication
Make sure no CA policy forces extra authentication for test users.
SSO flows break if CA blocks token issuance.
---
Check BTP trust configuration
Your main admin account trusts your Entra ID tenant by default.
Test users must also exist in the SAP BTP subaccount or trust configuration:
User synchronized (if using IAS or Azure AD)
Correct BTP role collections assigned
If test users have no BTP role assignments → SSO fails.
--
Test with a fresh token
Have the test user run:
https://login.microsoftonline.com/logout
Then log in again and retry the Teams SSO feature.
Hello, I had tried earlier all the advices you mentioned but it still doesn't work.
