MicrosoftDocs · v-shalinirob · Apr 14, 2026 · Apr 14, 2026 · Apr 15, 2026 · Apr 15, 2026
diff --git a/msteams-platform/TOC.yml b/msteams-platform/TOC.yml
@@ -66,7 +66,7 @@
         - name: Add cloud resources and API connection
           href: toolkit/add-resource.md  
           displayName: application, endpoint
-        - name: Add SSO to Teams app
+        - name: Add authentication to Teams agent or app
           href: toolkit/add-single-sign-on.md
         - name: Enable SSO for Teams app
           href: toolkit/develop-single-sign-on-experience-in-teams.md

diff --git a/msteams-platform/toolkit/add-single-sign-on.md b/msteams-platform/toolkit/add-single-sign-on.md
@@ -1,54 +1,50 @@
 ---
-title: Add single sign-on to your Teams apps
-description: In this module, learn how to add single sign-on (SSO) of Microsoft 365 Agents Toolkit, enable SSO support, and update your application to use SSO.
+title: Add autentication to your Teams agent or apps
+description: In this module, learn how to add single sign-on (SSO) of Microsoft 365 Agents Toolkit, enable SSO support, and update your agent or app to use SSO.
 ms.localizationpriority: medium
 ms.topic: overview
-ms.date: 05/20/2022
+ms.date: 04/15/2026
 ---
-# Add single sign-on to Teams app
+# Add authentication to Teams agent or app
 
-Microsoft Teams provides single sign-on (SSO) function for an app to obtain signed in Teams user token to access Microsoft Graph and other APIs. Microsoft 365 Agents Toolkit (previously known as Teams Toolkit) facilitates the interaction by abstracting few of the Microsoft Entra ID flows and integrations behind simple APIs and enables you to add SSO features easily to your Teams app.
+Microsoft Teams supports adding authentication to your agents or apps. You can add single sign-on (SSO) or OAuth authentication. Microsoft 365 Agents Toolkit (formerly Teams Toolkit) enables you to add authentication using Microsoft 365 Agents SDK and Teams SDK as well.
 
-## Add SSO to Teams app for Microsoft Visual Studio Code
+For more information, see [authenticate users in Microsoft Teams](../concepts/authentication/authentication.md) and [add authentication using Teams SDK](/microsoftteams/platform/teams-sdk/teams/user-authentication/overview).
 
-For apps that interact with the user in a chat, Team, or channel, SSO manifests as an Adaptive Card, which the user can interact with to invoke the Microsoft Entra consent flow.
+## SDK options for adding authentication
 
-## Enable SSO support
+Based on how you distribute your agent or app, use one of the following SDKs:
 
-Agents Toolkit helps you to add SSO to the following Teams capabilities in Visual Studio Code:
+- Use [Teams SDK](/microsoftteams/platform/teams-sdk/teams/user-authentication/overview) to add SSO authentication to your Teams agents.
+- Use [Microsoft 365 Agents SDK](/microsoft-365/agents-sdk/microsoft-authentication-library-configuration-options) to add authentication to agents that extend across Microsoft 365.
 
-* Tab
-* Bot
-* Notification bot: express server
-* Command bot
-* Workflow bot
-* Message extension
+## View how-to guide for adding SSO using Microsoft Agents Toolkit
 
-### Add SSO using Visual Studio Code
-
-You can perform the following steps to add SSO using Agents Toolkit in Visual Studio Code:
+Follow these steps to add SSO authentication using Agents Toolkit:
 
 1. Open **Visual Studio Code**.
 2. Select **Microsoft 365 Agents Toolkit** from the Visual Studio Code activity bar.
 3. Select **View How-to Guides** in the **DEVELOPMENT** section.
 
    :::image type="content" source="~/assets/images/toolkit-v2/manual/select-view-how-to-guides.png" alt-text="Screenshot shows the option to select View How-to Guides under Development.":::
 
-4. From the dropdown list, select **Develop Single Sign-On Experience in Teams**. You're redirected to the respective How-to guide.
+4. From the dropdown list, select **Develop Single Sign-On Experience in Teams**. You're redirected to its how-to guide.
 
    :::image type="content" source="../assets/images/toolkit-v2/add-sso/sso-select features_1.png" alt-text="Screenshot shows the Single Sign-on feature highlighted in red in the Visual Studio Code.":::
 
    |**Development** | **How-to Guide** |
    | -------- | --------|
-   |Develop Single Sign-on Experience in Teams | [Enable single sign-on for tab app](develop-single-sign-on-experience-in-Teams.md) |
+   | Add SSO authentication to agents and apps using Teams SDK | [SSO setup for agents and apps](/microsoftteams/platform/teams-sdk/essentials/app-authentication?pivots=csharp) |
+   | Develop SSO experience in Teams tab app | [Enable single sign-on for tab app](develop-single-sign-on-experience-in-Teams.md) |
+   | Develop SSO experience in Teams bot and message extension app | [Enable SSO for your bot and message extension](../bots/how-to/authentication/bot-sso-overview.md) |
 
 > [!NOTE]
-> When SSO is enabled, Agents Toolkit by default provisions a single-tenant Microsoft Entra app, which means only user and guest accounts in the same directory as your M365 account can sign in to your Teams app. For more information on supporting multitenant to update your TeamsFx project, see [Multi-tenancy support for Microsoft Entra app](https://github.com/OfficeDev/TeamsFx/wiki/Multi-tenancy-Support-for-Azure-AD-app).
+> When SSO is enabled, the Agents Toolkit automatically creates a dedicated Microsoft Entra app. This setup allows only users and guest accounts within the same directory as your M365 account to access your Teams agent or app.
+>
+> For more information on supporting multitenant to update your TeamsFx project, see [multi-tenancy support for Microsoft Entra app](https://github.com/OfficeDev/TeamsFx/wiki/Multi-tenancy-Support-for-Azure-AD-app).
 
 ## See also
 
-* [Microsoft 365 Agents Toolkit Overview](agents-toolkit-fundamentals.md)
-* [Prerequisites for creating your Teams app](tools-prerequisites.md)
-* [Enable SSO for tab app](../tabs/how-to/authentication/tab-sso-overview.md)
-* [Enable SSO for your bot and message extension](../bots/how-to/authentication/bot-sso-overview.md)
-* [Prepare Accounts to build your Teams app](tools-prerequisites.md#accounts-to-build-your-teams-agent-or-app)
+- [Microsoft 365 Agents Toolkit Overview](agents-toolkit-fundamentals.md)
+- [Prepare Accounts to build your Teams app](tools-prerequisites.md#accounts-to-build-your-teams-agent-or-app)
+- [Configure your .NET agent to use OAuth using Microsoft 365 Agents SDK](/microsoft-365/agents-sdk/agent-oauth-configuration-dotnet)
diff --git a/msteams-platform/toolkit/develop-single-sign-on-experience-in-Teams.md b/msteams-platform/toolkit/develop-single-sign-on-experience-in-Teams.md
@@ -2,35 +2,57 @@
 title: Develop Single Sign-on Experience
 description: Learn how to develop single sign-on experience in Teams app using Microsoft 365 Agents Toolkit.
 ms.topic: reference
-ms.date: 12/17/2024
+ms.date: 04/15/2026
 ms.localizationpriority: medium
 ---
 
-# Enable single sign-on for Teams app
+<!-- markdownlint-disable MD001 -->
+<!-- markdownlint-disable MD024 -->
 
-Microsoft Teams provides single sign-on (SSO) function for an app to obtain signed in Teams user token to access Microsoft Graph and other APIs. Microsoft 365 Agents Toolkit (previously known as Teams Toolkit) streamlines the process by incorporating certain Microsoft Entra workflows and integrations into straightforward, high-level APIs. As a result, you can effortlessly incorporate SSO capabilities into your Teams app. For more information, see [authenticate users in Microsoft Teams.](../concepts/authentication/authentication.md)
+# Enable single sign-on for Teams agent and app
+
+Microsoft 365 Agents Toolkit (formerly Teams Toolkit) simplifies adding SSO authentication to your agents and apps. The toolkit abstracts few of the Microsoft Entra ID flows and integrations behind simple APIs, enabling you to add SSO features easily to your Teams agent or app.
 
 ## Key configurations
 
-To enable SSO, configure your Teams app as follows:
+To enable SSO, configure your Teams agent and app as follows:
 
 * **Microsoft Entra app manifest**: Ensure to define URIs, including the URI that identifies the Microsoft Entra authentication app and the redirect URI that returns the token.
 
-* **Teams app manifest**: Connect your SSO app to your Teams app by incorporating the correct configuration.
+* **Teams app manifest**: Connect your Microsoft Entra authentication app to your Teams agent or app by incorporating the correct configuration.
+
+* **Agents Toolkit configuration and infra files**: Ensure the necessary configurations are in place to enable SSO for your Teams agent or app.
+
+* **SSO app information in Agents Toolkit configuration files**: Ensure the Microsoft Entra authentication app is registered with the backend service, and that the Agents Toolkit triggers it when debugging or previewing the Teams agent or app.
+
+## Enable SSO for Teams agents
+
+Microsoft Teams supports single sign-on (SSO), which allows an agent or app to securely request an access token for the currently signed-in Teams user. This token can then be used to call Microsoft Graph and other protected APIs without prompting the user to sign in again.
+
+You can enable [SSO authentication for users with Teams SDK](/microsoftteams/platform/teams-sdk/teams/user-authentication/sso-setup).
 
-* **Agents Toolkit configuration and infra files**: Ensure the necessary configurations are in place to enable SSO for your Teams app.
+## Enable SSO for Teams apps
 
-* **SSO app information in Agents Toolkit configuration files**: Ensure the authentication app registers on the backend service and Agents Toolkit initiates it during the debugging or previewing of the Teams app.
+Choose one of the following to enable SSO for your Teams app:
 
 # [Tab app](#tab/tab-app)
 
-## Create Microsoft Entra app manifest
+To enable SSO for your tab app:
+
+1. [Create Microsoft Entra app manifest](#create-microsoft-entra-app-manifest)
+1. [Update Teams app manifest](#update-teams-app-manifest)
+1. [Update Agents Toolkit configuration files](#update-agents-toolkit-configuration-files)
+1. [Update source code](#update-source-code)
+1. [Debug your app](#debug-your-app)
+1. [Customize Microsoft Entra app](#customize-microsoft-entra-app)
+
+### Create Microsoft Entra app manifest
 
 1. Download the Microsoft Entra app manifest [template](https://github.com/OfficeDev/microsoft-365-agents-toolkit/blob/dev/packages/fx-core/templates/plugins/resource/aad/manifest/tab/aad.manifest.template.json).
 
-1. Add the downloaded app manifest template code to `./aad.manifest.json` file. This allows you to customize different aspects of your app registration and update the manifest as required. For more information, see [app manifest](/entra/identity-platform/reference-app-manifest).
+1. Add the downloaded app manifest template code to `./aad.manifest.json` file of your agent or app project. This allows you to customize different aspects of your app registration and update the manifest as required. For more information, see [app manifest](/entra/identity-platform/reference-app-manifest).
 
-## Update Teams app manifest
+### Update Teams app manifest
 
 In the `./appPackages/manifest.json` file, add the following code:
 
@@ -46,12 +68,14 @@ In the `./appPackages/manifest.json` file, add the following code:
 > [!NOTE]
 > You can use `{{ENV_NAME}}` to reference variables in `env/.env.{TEAMSFX_ENV}` file.
 
-## Update Agents Toolkit configuration files
+[Back to top](#create-microsoft-entra-app-manifest)
+
+### Update Agents Toolkit configuration files
 
 1. Locate your Agents Toolkit configuration files, such as `./m365agents.yml` and `./m365agents.local.yml`. Update the required configurations related to Microsoft Entra in these files.
 
 1. Add the `aadApp/create` action under `provision` in `./m365agents.yml` and `./m365agents.local.yml` to create new Microsoft Entra app used for SSO:
-  
+
     ```yaml
     - uses: aadApp/create
       with:
@@ -67,7 +91,7 @@ In the `./appPackages/manifest.json` file, add the following code:
     ```
 
     > [!NOTE]
-    > Replace the `name` value with the desired name for your Teams app.
+    > Replace the `name` value with the desired name for your Teams agent or app.
 
     For more information, see [`aadApp/create`.](https://github.com/OfficeDev/microsoft-365-agents-toolkit/wiki/Available-actions-in-Teams-Toolkit#aadappcreate)
 
@@ -105,13 +129,15 @@ In the `./appPackages/manifest.json` file, add the following code:
       REACT_APP_START_LOGIN_PAGE_URL: ${{TAB_ENDPOINT}}/auth-start.html
     ```
 
-## Update source code
+[Back to top](#create-microsoft-entra-app-manifest)
+
+### Update source code
 
-With the above changes implemented, your environment is prepared. You can now update your code to incorporate SSO into your Teams app.
+With the above changes implemented, your environment is prepared. You can now update your code to incorporate SSO into your Teams agent or app.
 
-### Vanilla JavaScript
+#### Vanilla JavaScript
 
-For a tab app that doesn't uses React, use the following code as a basic example to obtain the SSO token:
+For a tab app that doesn't use React, use the following code as a basic example to obtain the SSO token:
 
 ```javascript
 function getSSOToken() {
@@ -131,7 +157,7 @@ function getBasicUserInfo() {
 }
 ```
 
-### React
+#### React
 
 For React projects, ensure the following environment variables are set in your deployment process:
 
@@ -152,15 +178,28 @@ To update your source code, follow these steps:
 
 For more information, see [SSO enabled tab app.](https://github.com/OfficeDev/microsoft-365-agents-toolkit-samples/tree/dev/hello-world-tab-with-backend)
 
-# [Bot/message extension app](#tab/message-extension-app)
+[Back to top](#create-microsoft-entra-app-manifest)
 
-## Create Microsoft Entra app manifest
+# [Bot or message extension app](#tab/message-extension-app)
+
+To enable SSO for your bot or message extension app:
+
+1. [Create the Microsoft Entra app manifest](#create-the-microsoft-entra-app-manifest)
+1. [Update the Teams app manifest](#update-the-teams-app-manifest)
+1. [Update the Agents Toolkit configuration files](#update-the-agents-toolkit-configuration-files)
+1. [Update Infra configuration](#update-infra-configuration)
+1. [Update the source code](#update-the-source-code)
+1. [Create the Microsoft Entra app manifest](#create-the-microsoft-entra-app-manifest)
+1. [Debug your app](#debug-your-app)
+1. [Customize Microsoft Entra app](#customize-microsoft-entra-app)
+
+### Create the Microsoft Entra app manifest
 
 1. Download the Microsoft Entra app manifest [template](https://github.com/OfficeDev/microsoft-365-agents-toolkit/blob/dev/packages/fx-core/templates/plugins/resource/aad/manifest/bot/aad.manifest.template.json).
 
 1. Add the downloaded app manifest template code to `./aad.manifest.json` file. This allows you to customize different aspects of your app registration and update the manifest as required. For more information, see [app manifest](/entra/identity-platform/reference-app-manifest).
 
-## Update Teams app manifest
+### Update the Teams app manifest
 
 1. In the `./appPackages/manifest.json` file, add the following code:
 
@@ -195,12 +234,14 @@ For more information, see [SSO enabled tab app.](https://github.com/OfficeDev/mi
     ]
     ```
 
-## Update Agents Toolkit configuration files
+[Back to top](#create-the-microsoft-entra-app-manifest)
+
+### Update the Agents Toolkit configuration files
 
 1. Locate your Agents Toolkit configuration files, such as `./m365agents.yml` and `./m365agents.local.yml`. Update necessary configurations related to Microsoft Entra in these files.
 
 1. Add the following code `aadApp/create` under `provision` in `./m365agents.yml` and `./m365agents.local.yml` to create new Microsoft Entra apps used for SSO:
-  
+
     ```yaml
     - uses: aadApp/create
       with:
@@ -248,7 +289,9 @@ For more information, see [SSO enabled tab app.](https://github.com/OfficeDev/mi
       M365_APPLICATION_ID_URI: api://botid-${{BOT_ID}}
     ```
 
-## Update Infra
+[Back to top](#create-the-microsoft-entra-app-manifest)
+
+### Update Infra configuration
 
 Update Microsoft Entra-related configurations in your remote service. The following example shows the configuration settings on an Azure Web App:
 
@@ -315,8 +358,9 @@ To use the `teamsFx` tab or bot template, follow these steps:
         ```bash
         WEBSITE_NODE_DEFAULT_VERSION: '14.20.0'
         ```
+[Back to top](#create-the-microsoft-entra-app-manifest)
 
-   ## Update Source Code
+   ### Update the source code
 
    # [Bot](#tab/bot)
 
@@ -387,6 +431,8 @@ To use the `teamsFx` tab or bot template, follow these steps:
         });
         ```
 
+    [Back to top](#create-the-microsoft-entra-app-manifest)
+
    # [Message extension](#tab/messaging-extension)
 
    1. Implement the API key `handleMessageExtensionQueryWithSSO` in `TeamsActivityHandler.handleTeamsMessagingExtensionQuery`. For more information, see [SSO for message extensions](https://github.com/OfficeDev/microsoft-365-agents-toolkit/wiki/SSO-for-Message-Extension).
@@ -454,23 +500,24 @@ To use the `teamsFx` tab or bot template, follow these steps:
         ]
       ```
 
-   ---
+    [Back to top](#create-the-microsoft-entra-app-manifest)
 
----
-
-## Debug your app
+   ---
 
-To debug your app, select the **F5** key. Agents Toolkit uses the Microsoft Entra manifest to register an SSO-enabled app. For more information, see [debug your Teams app locally.](debug-local.md)
+### Debug your app
 
-## Customize Microsoft Entra apps
+To debug your app, select the **F5** key. Agents Toolkit uses the Microsoft Entra manifest to register an SSO-enabled app. For more information, see [debug your Teams app locally](debug-local.md).
 
-Teams [app manifest](/entra/identity-platform/reference-app-manifest) enables you to customize different aspects of your app registration. You can update the manifest as required.
+### Customize Microsoft Entra app
 
-To include additional API permissions to access your desired APIs, see [edit Microsoft Entra manifest](AAD-manifest-customization.md).
+Teams [app manifest](/entra/identity-platform/reference-app-manifest) enables you to customize different aspects of your app registration. You can update the manifest as required. See [edit Microsoft Entra manifest](AAD-manifest-customization.md) to:
 
-To view your Microsoft Entra app in Azure portal, see [edit Microsoft Entra manifest](AAD-manifest-customization.md).
+* Include additional API permissions to access your desired APIs.
+* View your Microsoft Entra app in Azure portal.
 
 ## See also
 
 * [Enable SSO for tab app](../tabs/how-to/authentication/tab-sso-overview.md)
 * [Enable SSO for your bot and message extension](../bots/how-to/authentication/bot-sso-overview.md)
+* [Authentication setup using Teams SDK](/microsoftteams/platform/teams-sdk/teams/app-authentication/overview)
+* [Microsoft 365 Agents SDK](/microsoft-365/agents-sdk/agents-sdk-overview)