Frequently asked questions

How do users sign in to the app?

Users are requested to sign in to the app when they first perform an action that requires access to their Sage People account.

Users can begin the login process manually by typing login. Users can end their session by typing logout.

See Signing in.

How long does a user session last?

By default, users are not required to re-authenticate to Sage People through Microsoft Teams unless an administrator revokes their user session.

To change the refresh timeout and require users to periodically re-authenticate the connection between Microsoft Teams and Sage People, you can install the Digital Assistant Prod connected app in your organization and edit the Refresh Token Policy setting. See Manage connected app settings (optional).

How do I log out a user remotely?

System administrators can revoke active user sessions, and prevent users from signing in to the app by revoking OAuth connected app permissions using the Setup section of the HR administrator portal.

See Remote access revocation (Teams app).

How does the app keep user data safe?

The service uses the OAuth 2.0 authorization standard to permit a connected app to access the user's Sage People information. A Sage Digital Experience service layer securely links your Sage People organization with your Azure account, and manages all user session information.

Session information such as the access token and refresh token required for authentication are stored securely within the AWS service layer using AES-GCM-256 encryption. The user's username and password are not stored.

See Security overview for more information.

How do I configure Teams integration for some users and not others?

You can manage which users have access to use the Teams app by selectively assigning the MS Teams permission set. See Assign permission sets.

Can I use another SSO provider with Microsoft 365 integration?

Only Microsoft Azure AD is currently supported. If you want to implement the integration with another provider such as Okta, ensure that the Federation ID field is populated for users with the same email address used for your Microsoft 365 implementation. However, note that Sage People does not support this configuration at this time.