Admin consent error during OAuth authentication for Microsoft Graph delegated permissions (n8n – self-hosted)

Question

Admin consent error during OAuth authentication for Microsoft Graph delegated permissions (n8n – self-hosted)

Nitish Som 0

Hello Everyone,

I am working with an automation platform called n8n, which I am using to automate email workflows for my organization.

I have registered an application in Azure AD → App registrations (app name: automation) and granted it the following Microsoft Graph delegated permissions:

Mail.Read

Mail.ReadWrite

Mail.Send

offline_access

User.Read

These permissions are required for my email automation use case.

Additional information: In n8n, when configuring Microsoft OAuth, we need to provide the Client ID and Client Secret, and then authenticate directly from the n8n interface.

However, when I try to authenticate, I receive the following error:

“automation needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.”

The issue is that a Global Administrator has already granted admin consent for this application in Azure AD, but the error still persists during the OAuth login.

I have tried re-granting admin consent and recreating the app registration, but nothing has resolved the issue.

Could someone please help me understand:

Why this admin consent error still appears even after consent is granted

Whether additional steps are required for OAuth authentication when using delegated permissions with tools like n8n

Thanks in advance for your help.Hello Everyone,

I am working with an automation platform called n8n, which I am using to automate email workflows for my organization.

I have registered an application in Azure AD → App registrations (app name: automation) and granted it the following Microsoft Graph delegated permissions:

Mail.Read

Mail.ReadWrite

Mail.Send

offline_access

User.Read

These permissions are required for my email automation use case.

Additional information:
In n8n, when configuring Microsoft OAuth, we need to provide the Client ID and Client Secret, and then authenticate directly from the n8n interface.

However, when I try to authenticate, I receive the following error:

“automation needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.”

The issue is that a Global Administrator has already granted admin consent for this application in Azure AD, but the error still persists during the OAuth login.

I have tried re-granting admin consent and recreating the app registration, but nothing has resolved the issue.

Could someone please help me understand:

Why this admin consent error still appears even after consent is granted

Whether additional steps are required for OAuth authentication when using delegated permissions with tools like n8n

Thanks in advance for your help.

Raja Pothuraju 47,420 Reputation points Microsoft External Staff Moderator

2026-01-16T07:01:06.6866667+00:00

Hello @Nitish Som,

Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Nitish Som 0 Reputation points

2026-01-16T11:06:58.7633333+00:00

Hey @Raja Pothuraju ,
First i would like to thank you for your time and your feedback.

I have some update on the issue.
First i will try to explain what we have done.
I have an update regarding the issue and would like to explain what we have done so far. I sat with my senior, who has admin access, and requested him to initiate the login. He logged in, and during this process, the authentication was completed successfully. I am attaching a screenshot for your reference.

As you can see, my account is now connected and authenticated successfully. However, when I attempt to send an email using this account, I encounter the following error.

Can you please help me out what can be the root cause of this problem

Thank You in advance
Raja Pothuraju 47,420 Reputation points Microsoft External Staff Moderator

2026-01-16T12:42:18.7966667+00:00
@Nitish Som, I noticed that the initial issue mentioned in your post is different from the one you are experiencing now. The answer I shared earlier addresses your original question.

Could you please confirm the following:

Which OAuth flow are you using during authentication?

Are you sure you are receiving an access token when the connection/authentication is successful?

Also, the error message you shared appears to be generated by your application. Are you able to see any related failure entries in the Microsoft Entra sign-in logs?

1 answer

Your answer

Raja Pothuraju 47,420 Reputation points Microsoft External Staff Moderator

2026-01-16T07:01:06.6866667+00:00

Hello @Nitish Som,

Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Nitish Som 0 Reputation points

2026-01-16T11:06:58.7633333+00:00

Hey @Raja Pothuraju ,
First i would like to thank you for your time and your feedback.

I have some update on the issue.
First i will try to explain what we have done.
I have an update regarding the issue and would like to explain what we have done so far. I sat with my senior, who has admin access, and requested him to initiate the login. He logged in, and during this process, the authentication was completed successfully. I am attaching a screenshot for your reference.

As you can see, my account is now connected and authenticated successfully. However, when I attempt to send an email using this account, I encounter the following error.

Can you please help me out what can be the root cause of this problem

Thank You in advance
Raja Pothuraju 47,420 Reputation points Microsoft External Staff Moderator

2026-01-16T12:42:18.7966667+00:00

@Nitish Som, I noticed that the initial issue mentioned in your post is different from the one you are experiencing now. The answer I shared earlier addresses your original question.

Could you please confirm the following:

Which OAuth flow are you using during authentication?

Are you sure you are receiving an access token when the connection/authentication is successful?

Also, the error message you shared appears to be generated by your application. Are you able to see any related failure entries in the Microsoft Entra sign-in logs?

Answer 1

Hello @Nitish Som,

If you are using the Client Credentials flow for your automation application, please ensure that you configure Application permissions (instead of Delegated permissions) under the API permissions blade.

I can see that you have added Microsoft Graph Delegated permissions for your application. Delegated permissions work as expected only when there is user interaction during authentication. However, if your application authenticates without any user interaction, you must use Application permissions, grant admin consent, and then test again.

If you are still receiving the same error even after adding Application permissions, please verify the URL being used in your authentication request. If you are calling the /adminconsent endpoint during authentication, it will continue to prompt for consent repeatedly—even if admin consent has already been granted.

To avoid this behavior, do not send authentication requests to the /adminconsent endpoint. Instead, redirect your request to the /authorize or /token endpoint, depending on the OAuth flow you are using.

Below is a sample admin consent URL:

https://login.microsoftonline.com/{tenant}/v2.0/adminconsent
        ?client_id=00001111-aaaa-2222-bbbb-3333cccc4444
        &scope=https://graph.microsoft.com/Calendars.Read https://graph.microsoft.com/Mail.Send
        &redirect_uri=http://localhost/myapp/permissions
        &state=12345

Reference: https://learn.microsoft.com/en-us/entra/identity-platform/v2-admin-consent

Share via

Admin consent error during OAuth authentication for Microsoft Graph delegated permissions (n8n – self-hosted)

1 answer

Your answer