This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 66%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hi,
I have registered a sample multi-tenant app in azure portal app registration requiring certain permissions to access outlook mails. I also have a SAAS application which uses this app and requests for oauth token from users to read and send emails using outlook.
There is a tenant with a set of users who want to use my app for configuring emails in the SAAS application. But the users in the tenant donot have admin privileges to give consent to the application. Based on MS documentation, admin has to give consent to the application using the v2-permissions-and-consent
I have configured a separate admin consent workflow also in the SAAS application. Even after admin gives consent to the app, and admin adds the users to the application in Azure AD, the users are shown the approval prompt when they try to login to the application.
Ideally, once the app is approved in Azure AD Enterprise Applications, all the other users in the tenant should be able to use the application without any consent requirement. Could any one help me understand what I am missing here?
@Sriram S
Thank you for your detailed post! In order to get a better understanding of your environment can you answer some of my questions below.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
@JamesTran-MSFT
Thankyou for responding. Regarding your queries, here are the details.
this link to setup admin consent workflow in my tenant.
Although the admin consent is given, why are the users shown the following screen when they try to login to the app using their email?
Hi, once admin consent for the whole tenant is given users should not be prompted unless they are guests, come from other tenant or permissions have changed in the application without a second admin consent being done.
@Alfredo Revilla (Personal Account)
Thankyou for responding! That is the issue that I am facing. Ideally once admin consent is given, all users within that tenant should be able to login without any approval process. But I keep getting the approval prompt when I try to login from a user account.
Here is the admin consent screenshot.
]1
The user account is also part of the same tenant as that of the admin.
Try creating a new application registration, assigning exactly the permissions you need and consent them (using app registration not enterprise). Let us know of the result.