Recording Entra ID SSO setup

Recording Entra ID SSO setup

This page provides documentation on integrating Microsoft Entra ID SSO with Unique's recording platform, enabling a seamless and secure single sign-on experience for users.

Automatic setup

Generally customers do not need to configure anything manually, it is sufficient to login on UNIQUE with Microsoft and grant the requested permissions for the organization. The app registration will be automatically created. For this step you need to have permission to consent to an app registration on behalf of your organisation.

Manual Entra ID setup in advance

The customer needs to create an app registration in Microsoft Entra ID of the platform type “Web” with ID tokens and the following redirect URIs:

https://www.unique.app/login https://www.unique.app/auth/microsoft-teams/success-admin https://www.unique.app/auth/microsoft-teams/success https://www.unique.app/auth/microsoft-teams/start https://www.unique.app/auth/microsoftAuth/admin https://www.unique.app/auth/microsoftauth/callback

The API permissions needed to work with UNIQUE recording are

Permission

Why is it required?

Permission

Why is it required?

email

Identify the user towards the unique user, needed for any oauth flow

openid

Generally needed to intract with the Microsoft APIs, for any oauth flow https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes

profile

Profile is need for any oAuth flow

User.Read

User information is needed for gettting the user Name.
And to get the userId to identify the user correctly.
https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#response-1

Calendars.Read

  • Needed in order to install the uniqueApp (the Q) in MS-Teams so users can open the sidebar. This sidbar allows to invite the bot to the meeting and remove it later on.

  • Needed to send the bot automatically into a call.

  • Needed to manage the recordings on the plaform by date.

  • Needed to make sure people who participated have access to the meeting.

  • To name the recording corrctly for findability.

Chat.Read

Technical reason: To unambgously identify the correct meeting URL for the bot to join. To get the correc Oid and Tid from the meeting.
Else the bot can not join the correct meetings.

Contacts.Read

To resolve the correct people to share the meeting with in the unique interface. To distinguish between internal and external participants to the meeting.

OnlineMeetings.ReadWrite

Needed in order to install the uniqueApp (the Q) in MS-Teams so users can open the sidebar. This sidbar allows to invite the bot to the meeting.

TeamsAppInstallation.ReadWriteForChat

Needed in order to install the uniqueApp (the Q) in MS-Teams so users can open the sidebar. This sidbar allows to invite the bot to the meeting.
Delegated Admin approval needed

TeamsTab.ReadWriteForChat

Needed in order to install the uniqueApp (the Q) in MS-Teams so users can open the sidebar. This sidbar allows to invite the bot to the meeting.
Delegated Admin approval needed

offline_access

Needed in order to subscribe to chages in calendar events and fetch details of the calendar changes in the background. (See Calendars.Read why we need the calendar access)
Delegated Admin approval needed

 

It is advised to create a dedicated group for users that should be allowed to use UNIQUE and only allow this user group access to the application.

 


Author

@Michael Dreher

© 2025 Unique AG. All rights reserved. Privacy PolicyTerms of Service