Microsoft Teams (App Registration) Integration

Netanel Hugi
Torii SMP
Torii Identity

Overview

Torii integrates with Microsoft Teams and syncs users, licenses, and external apps.

  • You can connect multiple Microsoft Teams accounts to Torii.
  • You can stay up to date with application information from the Integrations Page >> Integration Capabilities button >> Integration Capabilities table.

This article covers connecting Microsoft Teams using an App Registration (app-only authentication): you provide a Tenant ID, Application (Client) ID, and Client Secret. Authentication is performed using the application's credentials (client credentials flow), so no interactive admin sign-in is required during setup or sync.

Prefer to connect with an administrator user instead? See Microsoft Teams (Admin user) Integration.

Requirements

To connect this integration, we require the following:

Accounts & Permissions

  • An administrator who can register an application in Microsoft Entra ID and grant tenant-wide admin consent.

Scopes

Grant the following Microsoft Graph application permissions (with admin consent).

For data sync (required):

  • User.Read.All - to read users.
  • Group.Read.All - to read Microsoft Teams-enabled groups.
  • GroupMember.Read.All - to read group members.
  • TeamMember.Read.All - to read team members.
  • Channel.ReadBasic.All - to read team channels.
  • Organization.Read.All - to read organization and tenant information.
  • TeamsAppInstallation.ReadForUser.All - to read the apps installed for each user.
  • RoleManagement.Read.Directory - to read directory role definitions and assignments.

For workflow actions (only if you plan to run them):

  • User.ReadWrite.All - to create, update, and delete users, assign/remove managers, change user type, and enable/disable accounts.
  • TeamMember.ReadWrite.All - to add and remove users from teams.
  • User.RevokeSessions.All - to revoke user sign-in sessions.

Required keys

  • Tenant ID (Directory ID)
  • Application (Client) ID
  • Client Secret

How to Generate the Required Values

Step 1: Register an application

  1. Sign in to the Microsoft Entra admin center (entra.microsoft.com) with an account that can register applications and grant admin consent (Global Administrator, or Privileged Role Administrator and Cloud Application Administrator).
  2. Go to Identity > Applications > App registrations > New registration.
  3. Enter a name (for example, "Torii Microsoft Teams").
  4. Under Supported account types, select Accounts in this organizational directory only (Single tenant).
  5. Leave Redirect URI empty (not needed for app-only authentication).
  6. Select Register.
  7. On the application's Overview page, copy the Directory (tenant) ID and the Application (client) ID.

Step 2: Create a client secret

  1. Open Certificates & secrets > Client secrets > New client secret.
  2. Add a description and select the longest available expiry (recommended, so the connection needs re-credentialing less often).
  3. Select Add.
  4. Copy the secret Value immediately (copy the Value, not the Secret ID).

Important
The client secret Value is shown only once, right after creation. Copy it before leaving the page; you cannot retrieve it later. When it expires, create a new secret and reconnect.

Step 3: Grant Microsoft Graph application permissions

  1. Open API permissions > Add a permission > Microsoft Graph > Application permissions.
  2. Search for and add each permission listed under Requirements > Scopes above — the read permissions for data sync, plus the write permissions if you plan to run workflow actions.
  3. Select Grant admin consent and confirm.
  4. Verify each permission shows a green Granted status.
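One way to double-check Step 3 outside the portal (an added example, not Torii's or Microsoft's code): an app-only Microsoft Graph access token issued through the client credentials flow lists the granted application permissions in its `roles` claim, so that claim can be compared with the Scopes list above. The function names and the sample token are constructed for illustration; the sketch assumes you have already obtained a token for the app registration with the scope `https://graph.microsoft.com/.default`.

```python
import base64
import json

# Permission names copied from the Scopes section of this article.
READ_SYNC = {
    "User.Read.All", "Group.Read.All", "GroupMember.Read.All",
    "TeamMember.Read.All", "Channel.ReadBasic.All", "Organization.Read.All",
    "TeamsAppInstallation.ReadForUser.All", "RoleManagement.Read.Directory",
}
WORKFLOW_WRITE = {
    "User.ReadWrite.All", "TeamMember.ReadWrite.All", "User.RevokeSessions.All",
}


def token_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only (signature is NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(jwt: str, workflows: bool = False) -> dict:
    """Compare the token's granted app roles with what the article lists."""
    granted = set(token_claims(jwt).get("roles", []))
    expected = READ_SYNC | (WORKFLOW_WRITE if workflows else set())
    return {
        "missing": sorted(expected - granted),     # sync or actions will fail
        "unexpected": sorted(granted - expected),  # beyond what the article lists
    }


def _constructed_token(roles: list) -> str:
    """Build an unsigned sample token (constructed data, not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


# Constructed sample: a read-only grant missing one permission and carrying an extra one.
SAMPLE = _constructed_token(sorted(READ_SYNC - {"Channel.ReadBasic.All"}) + ["Mail.Read"])

if __name__ == "__main__":
    print(audit_roles(SAMPLE))
```

Run it with `workflows=True` only if you connected with the read/write option; on a read-only connection, any write permission reported under `unexpected` is a grant the integration does not need.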

How to Connect the Integration

  1. Go to the Integrations page in Torii.
  2. Search for Microsoft Teams and click Connect.
  3. Select the App registration connection method.
  4. Enter the Tenant ID, Application (Client) ID, and Client Secret.
  5. To use workflow actions, choose the read/write permission option.
  6. Click Connect.

Additional Notes

  • Supported workflow actions with this method (connect as read/write and grant the write permissions above): create / update / delete user, enable / disable account, assign / remove manager, change user type, revoke sign-in sessions, add / remove users from teams, remove user from all teams, and bot-based messaging — send message from bot to users and send message from bot to channels (requires the Torii Bot to be installed in the target team or the user's personal scope).
  • Not available with the app-registration method (connect with the Admin user method to use these): change user password, send message to a channel, and send message to a user (the "send as the signed-in user" actions).



For any further questions, please contact Torii Support.
