Microsoft Teams Integration Guide

Overview

EvalFlow's Microsoft Teams integration allows you to sync your organization's users and send evaluation notifications directly through Teams. This guide covers setup, permissions, and troubleshooting.

Prerequisites

To set up the Teams integration, you need:

• Microsoft 365 Subscription with Teams enabled

• Global Administrator or Teams Service Administrator role in your organization

• Azure Active Directory access (included with Microsoft 365)

Setup Instructions

1. Initiate Connection

1. Navigate to Settings → Integrations in EvalFlow

2. Click Connect to Microsoft Teams

3. A popup window will open with the Microsoft consent screen

2. Grant Admin Consent

The Microsoft consent screen will show the permissions EvalFlow requires:

Important Notes:

• These permissions are read-only for user data - EvalFlow cannot modify your directory

• EvalFlow cannot read existing messages, emails, or files

• All permissions use Application type (service-to-service) for reliable background sync

• Permissions can be revoked anytime through Azure AD

3. Complete Setup

1. Click Accept on the consent screen

2. The popup will close automatically

3. You'll see a success message in EvalFlow

4. Click Sync Users to perform the initial sync

User Sync Process

How It Works

EvalFlow syncs users by matching email addresses:

1. Fetches users from your Microsoft 365 directory

2. Matches emails with existing EvalFlow accounts (case-insensitive)

3. Creates mappings so evaluations can be sent via Teams

4. Syncs automatically every hour in the background

What Gets Synced

For each matched user:

• Microsoft Teams User ID (internal identifier)

• Email address

• Display name

• Last sync timestamp

What Doesn't Get Synced

EvalFlow does NOT access or store:

• Passwords or authentication credentials

• Teams messages or chat history

• Email contents

• OneDrive files

• Calendar events

• Any personal data beyond name and email

Troubleshooting

"Admin consent required" Error

Cause: You don't have sufficient permissions in Microsoft 365

Solution:

1. Contact your Global Administrator or Teams Service Administrator

2. Ask them to complete the Teams integration setup

3. They can access EvalFlow → Settings → Integrations → Connect to Microsoft Teams

Users Not Syncing

Cause: Email addresses don't match between EvalFlow and Microsoft 365

Solution:

1. Go to Settings → Integrations → Teams

2. Check the User Mappings table

3. Verify email addresses match exactly in both systems

4. Update user emails in EvalFlow if needed

5. Click Sync Users again

"Integration disconnected" Message

Cause: Admin consent was revoked or expired

Solution:

1. Click Reconnect to Teams

2. Complete the admin consent flow again

3. All existing user mappings will be preserved

Sync Failed with No Error

Cause: Temporary connectivity issue with Microsoft services

Solution:

1. Wait 5 minutes and try again

2. Click Sync Users manually

3. If issue persists, check Microsoft 365 Service Health

Security & Compliance

Authentication Method

EvalFlow uses OAuth 2.0, Microsoft's recommended standard for secure application authentication. This means:

• ✓ No user passwords are ever shared with EvalFlow

• ✓ All authentication is handled by Microsoft's secure infrastructure

• ✓ Access tokens are encrypted and securely managed

• ✓ Each organization's data is completely isolated

• ✓ Integration can be revoked instantly by your IT administrator

Data Storage

What we store:

• Teams User IDs (for identity matching)

• User email addresses and display names

• Integration status and sync timestamps

What we don't store:

• User passwords or credentials

• Message contents or chat history

• Email contents or attachments

• Files or documents

• Calendar information

• Any personal data beyond what's necessary for user matching

Audit & Compliance

• All API calls to Microsoft Graph are logged in your Microsoft 365 Audit Logs

• You can review integration activity in Azure AD → Sign-ins

• Integration can be revoked instantly via Azure AD → Enterprise Applications

Revoking Access

To disconnect the Teams integration:

Option 1: From EvalFlow

1. Go to Settings → Integrations → Teams

2. Click Disconnect

3. Confirm disconnection

Option 2: From Azure AD

1. Go to Azure Portal

2. Navigate to Azure Active Directory → Enterprise Applications

3. Find EvalFlow in the list

4. Click Permissions → Revoke admin consent

Data Residency & Compliance

Data Processing

• Integration operates in compliance with Microsoft's data protection standards

• No Teams message content is processed or stored

• User directory information (names, emails) is processed solely for identity matching

• All data handling follows industry-standard encryption practices

Compliance Frameworks

EvalFlow maintains security controls aligned with:

• SOC 2 Type II standards

• GDPR requirements for EU customers

• Industry best practices for data protection

For detailed compliance documentation or specific regulatory requirements, please contact [email protected].

Multi-Tenant Support

If your organization uses multiple Microsoft 365 tenants:

• Each tenant requires separate admin consent

• User mappings are isolated per tenant

• Contact your account manager for enterprise tenant management options

API Rate Limits

Microsoft Graph API enforces rate limits to ensure service stability. EvalFlow handles these automatically:

• User sync operations are optimized to stay within Microsoft's limits

• Large organizations may experience initial sync times of 2-5 minutes

• Failed requests are automatically retried

• Sync frequency is balanced between data freshness and API efficiency

Best Practices

For IT Administrators

✓ Review permissions before granting consent - understand what each permission does ✓ Test with a pilot group before rolling out company-wide ✓ Monitor audit logs in Azure AD for the first week after setup ✓ Document the integration in your internal IT knowledge base ✓ Set up alerts for any permission changes in Azure AD

For EvalFlow Administrators

✓ Sync users regularly to keep mappings up-to-date ✓ Verify email accuracy in both systems before syncing ✓ Test notifications with a small group first ✓ Review user mappings after each sync to catch issues early

Support

Documentation

• Microsoft Teams Admin Center

• Azure AD Portal

• Microsoft Graph API Documentation

Contact EvalFlow Support

For integration issues, please contact:

• Email: [email protected]

• In-app chat: Click the help icon in the bottom-right corner

• Include your organization name and a description of the issue

When reporting issues, helpful information includes:

• Error messages (screenshot or exact text)

• When the issue started occurring

• Number of users affected

• Recent changes to your Microsoft 365 setup

Frequently Asked Questions

Q: Can EvalFlow read our Teams messages? A: No. EvalFlow can only send notifications to users. We cannot read message history or channel conversations.

Q: What happens if an admin who granted consent leaves the company? A: The integration continues working. Admin consent is granted to the application, not tied to a specific user account.

Q: Can we limit which users are synced? A: Currently, all active users in your Microsoft 365 directory are included in the sync. User filtering based on groups is on our roadmap.

Q: How often does the sync run? A: Automatically every hour. You can also trigger manual syncs anytime from Settings → Integrations.

Q: Does this work with Microsoft 365 Government (GCC)? A: Standard commercial Microsoft 365 only. Contact us for GCC/GCC-High requirements.

Q: Can I use Teams integration with SSO/SAML login? A: Yes, Teams integration works independently of your EvalFlow login method.

Version History

Last Updated: January 2026 Integration Version: 2.0 (Client Credentials Flow)

Recent Changes

• Improved reliability for large organizations (1000+ users)

• Enhanced error messages for easier troubleshooting

• Faster sync performance for initial setup

• Better handling of multi-tenant scenarios