IT Admin Setup Guide
This guide walks IT administrators through the Azure configuration required to deploy the Iristick.Teams app, which is available from Google Play and the App Store. You'll register the app in your tenant and grant the permissions your users need to sign in.
Estimated time: 5–10 minutes.
Before You Start
Make sure you have:
- A Microsoft 365 tenant (not a personal or free account)
- Global Administrator, Application Administrator, or Cloud Application Administrator role
- At least one user with a Microsoft 365 Business Basic (or higher) license for testing
- The Iristick.Teams app installed on a test device — Google Play | App Store
Personal and free M365 accounts won't work
Iristick.Teams requires a Microsoft 365 Business tenant. Personal Microsoft accounts and free-tier M365 accounts do not support the enterprise app registration this setup requires.
How It Works
When a user opens Iristick.Teams and signs in, the app authenticates through Microsoft Entra ID using MSAL (Microsoft Authentication Library). Your tenant needs two things for this to work:
- A service principal — tells Entra ID that Iristick.Teams is a trusted app
- Admin consent — pre-approves the delegated permissions so users aren't blocked
Once authenticated, the Iristick backend connects the user to Microsoft Teams calls through Azure Communication Services.
```mermaid
flowchart LR
    A[Iristick.Teams App] -->|MSAL sign-in| B[Microsoft Entra ID]
    B -->|Checks| C{Service Principal\nexists?}
    C -->|No| D[Sign-in blocked]
    C -->|Yes| E{Admin consent\ngranted?}
    E -->|No| F[Need admin approval]
    E -->|Yes| G[Access token issued]
    G --> H[Iristick Backend]
    H -->|Azure Communication Services| I[Microsoft Teams Call]
```
Permissions requested by Iristick.Teams
Microsoft Graph (requested on first sign-in):
| Permission | Why it's needed |
|---|---|
| User.Read | Access signed-in user info (display name, user ID, tenant ID, email) |
| User.ReadBasic.All | Access contact user info (display name, user ID, tenant ID, email) |
| Contacts.Read | List and search through contacts |
| Calendars.Read | Access calendar for joining existing meetings |
| Team.ReadBasic.All | Access team information for contacts |
| OnlineMeetings.ReadWrite | Create Microsoft Teams meetings |
| ChatMessage.Send | Send chats (take picture command, etc.) |
| Chat.Read | Receive chats (display new messages in UI) |
| Chat.ReadWrite | Receive chats and send messages |
Azure Communication Services (requested on first sign-in):
| Permission | Why it's needed |
|---|---|
| Teams.ManageCalls | Make and manage calls |
All permissions are delegated — the app acts on behalf of the signed-in user, never independently.
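After consent is granted, the tenant-wide grant can be compared against the two tables above to confirm nothing is missing and nothing extra was approved. The following is an added example, not Iristick's or Microsoft's code: it assumes the input is the `value` array of `oauth2PermissionGrant` objects that Microsoft Graph returns for the app's service principal, and the object IDs and grants in the sample are constructed placeholders.

```python
import json

# Delegated scopes listed on this page, keyed by the API that owns them.
EXPECTED = {
    "Microsoft Graph": {
        "User.Read", "User.ReadBasic.All", "Contacts.Read", "Calendars.Read",
        "Team.ReadBasic.All", "OnlineMeetings.ReadWrite", "ChatMessage.Send",
        "Chat.Read", "Chat.ReadWrite",
    },
    "Azure Communication Services": {"Teams.ManageCalls"},
}
# Assumption: OpenID Connect scopes that MSAL adds to sign-in requests are not findings.
OIDC_SCOPES = {"openid", "profile", "offline_access", "email"}

def audit_grants(grants, resource_names):
    """Diff tenant-wide delegated grants against EXPECTED.

    grants: the "value" array of oauth2PermissionGrant objects.
    resource_names: resourceId (service principal object id) -> API name.
    """
    granted = {}
    for g in grants:
        # Only admin consent (AllPrincipals) unblocks every user; skip per-user grants.
        if g.get("consentType") != "AllPrincipals":
            continue
        api = resource_names.get(g["resourceId"], g["resourceId"])
        granted.setdefault(api, set()).update(g.get("scope", "").split())
    report = {"missing": {}, "extra": {}}
    for api in sorted(set(EXPECTED) | set(granted)):
        have = granted.get(api, set()) - OIDC_SCOPES
        want = EXPECTED.get(api, set())
        if want - have:
            report["missing"][api] = sorted(want - have)
        if have - want:
            report["extra"][api] = sorted(have - want)
    return report

# Constructed sample data: object ids and grants are placeholders, not real tenant values.
SAMPLE_NAMES = {"graph-sp-id": "Microsoft Graph", "acs-sp-id": "Azure Communication Services"}
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "app-sp-id", "consentType": "AllPrincipals", "principalId": null,
  "resourceId": "graph-sp-id",
  "scope": " openid profile User.Read User.ReadBasic.All Contacts.Read Team.ReadBasic.All OnlineMeetings.ReadWrite ChatMessage.Send Chat.Read Chat.ReadWrite Mail.Read"},
 {"clientId": "app-sp-id", "consentType": "Principal", "principalId": "user-1",
  "resourceId": "acs-sp-id", "scope": "Teams.ManageCalls"}
]""")

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS, SAMPLE_NAMES), indent=2))
```

An empty `missing` and `extra` means the admin consent matches the documented permission set; a per-user (`Principal`) grant is deliberately not counted, because it leaves other users facing the approval prompt.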
Setup Steps
- Grant Admin Consent — Register the app in your tenant and approve permissions
- Verify the Setup — Confirm users can sign in and join calls
Having issues? See the IT Admin Troubleshooting guide.