How do users sign in to the app?
Users are requested to sign in to the app when they first perform an action that requires access to their Sage People account.
Users can begin the login process manually by typing login. Users can end their session by typing logout.
See Signing in.
How long does a user session last?
The user session lasts as long as the user has a valid auth token. The auth token won't expire, as long as you've configured the UpdateAuthTokensBatch batch to run daily. This updates the Refresh tokens. See Security Overview point 9) for further details.
The user session isn't the same as the secure connection between your Sage People org and your Azure instance. This requires you to configure a Client Secret, with a maximum possible value of 12 months. You'll need to create a new Client Secret when it expires. This won't impact existing user sessions, and users won't need to re-enroll when you renew the Client Secret.
How do I log out a user remotely?
System administrators can revoke active user sessions, and prevent users from signing in to the app by revoking OAuth connected app permissions using the Setup section of the HR administrator portal.
See Remote access revocation (Teams app).
How does the app keep user data safe?
The service uses the OAuth 2.0 authorization standard to permit a connected app to access the user's Sage People information. A Sage Digital Experience service layer securely links your Sage People organization with your Azure account, and manages all user session information.
Session information such as the access token and refresh token required for authentication are stored securely within the AWS service layer using AES-GCM-256 encryption. The user's username and password are not stored.
See Security overview for more information.
How do I configure Teams integration for some users and not others?
You can manage which users have access to use the Teams app by selectively assigning the MS Teams permission set. See Assign permission sets.
Can I use another SSO provider with Microsoft 365 integration?
Only Microsoft Azure AD is currently supported. If you want to implement the integration with another provider such as Okta, ensure that the Federation ID field is populated for users with the same email address used for your Microsoft 365 implementation. However, note that Sage People does not support this configuration at this time.