Microsoft Teams School setup guide

Note: the following is assumed to be true. If this is not the case, please look into this or contact support for further help:

  • The school has an instance of Microsoft Teams that exists within their organisation.
  • The active directory exists within the Azure Portal.
  • The emails that students use to Log in to Firefly are identical to those that exist in the Active Directory.
  • The school with which you wish to sync assignments is contained within an administrative unit (this is only needed if there are multiple schools on your Azure AD tenant)

Azure Portal Configuration

In order to allow Firefly to access Assignment and Class data from Teams the School will need to create an application registration within their Active Directory. This can be thought of as an entry point into the Active Directory that Firefly can use to query information governed by a set of predefined permissions.

Step 1

Navigate to https://portal.azure.com/ and log in.
Search for Active Directory in the search bar on top and click the highlighted item below.

Step 2

In the left-hand sidebar click on App Registrations. It should open the window to the right of the sidebar with all existing registrations, (depending on your organisation there may or may not be any). 

Click on New Registration to begin.

Step 3

Register an application.

  • The name can be anything sensible, (such as FireflyMicrosoftTeams for example).
  • For Supported Account Types it is important to select the first option as you only want accounts within your organisation to be able to be used within the application. 
  • The Redirect URL is irrelevant as we are not performing any SSO via the application. 
  • Once you are certain of your selections go ahead and press register at the bottom of the page.

Step 4

Once registration is completed it should navigate you to your app registrations configuration page. It should look like this.


Take note of the following settings, they will be required by Firefly at a later stage in the process.

Step 5

Next we need to create a client secret for the application. This is a secret password that the application uses to identify itself.

Name it whatever you like and set a secure password. Take note of this as it will need to be shared with Firefly.

We suggest using a random password generator with 16 characters, without symbols.

Step 6

We need to set the permissions to control what the app has access to within your organisation.

  • Click on API Permissions.

  • To add a permission click on the plus marked Add Permissions button.
  • Select Microsoft Graph.

The following permissions are required. They are ordered according to whether they are needed in Delegated or Application permissions:

Delegated permissionsApplication permissions
EduAdministration.ReadDirectory.ReadWrite.All
EduAdministration.ReadWriteEduAdministration.Read.All
EduAssignments.ReadWrite EduAssignments.ReadWrite.All
EduRoster.ReadWriteEduRoster.ReadWrite.All
Group.ReadWrite.AllGroup.ReadWrite.All
GroupMember.ReadWrite.AllGroupMember.ReadWrite.All
PrivilegedAccess.ReadWrite.AzureADGroupMember.Read.Hidden
Schedule.ReadWrite.All TeamsActivity.Read.All
TeamsApp.ReadWrite
User.ReadWrite.All
Directory.ReadWrite.All

Once all permissions have been added. Make sure to click the highlighted Grant Admin Consent button.

You will also need to Allow public client flows. 

To do this navigate to: Authentication > Advanced settings and select Yes


Step 7

Next we need to configure the “FireFly Teacher Account”, this is an active directory user which is used by firefly with the above permissions to retrieve information from Teams.

Search for Users in the search bar in the Azure Portal and select users.

Once the user blade has opened create a new user.

Name the username fireflyteacher and the name to match. Make sure to set a strong password for the user and take note of it. Ensure that block sign in is set to No.


Go ahead and create the user and return to the user screen. And search for the newly created user.

It could take some time for the user to be added to the Active Directory so you may need to refresh a few times.
Click on the user and the user details will appear. Mark down the Object ID as it will be required in a later stage.

The configuration process is now done. Make sure you have collected the following information :

  • App Registration Client ID
  • App Registration Client Secret
  • App Registration Tenant ID
  • Email Address of FireFly Teacher Account
  • ObjectID of FireFly Teacher Account
  • Password of FireFly Teacher Account

Once you are ready, hand forward onto Firefly.