Share via

"Need admin approval" although the option is set to "Allow user consent for apps"

Wolfram Müller 21 Reputation points
2022-12-06T08:49:25.277+00:00

Hi there,

we are developing an app that lets users connect their mailboxes. We get an access token via https://login.microsoftonline.com/organizations.

A few customers have complained about the "need admin approval" error, and we were able to confirm that it disappears when you mark the option "Allow user consent for apps" (In: Directory > Enterprise applications > Consent and permissions > User consent settings.)

For one customer though, the message persists: even though the setting is set to "Allow user consent for apps" they still receive the "need admin approval" error.

Is there some other setting they have to look for, to make the message go away? What else could trigger this?

Thanks in advance!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,518 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,279 questions
0 comments
Accepted answer
  1. Vasil Michev 117.1K Reputation points MVP
    2022-12-06T09:06:41.667+00:00

    They need to check the settings therein, as the specific scope(s) you are requesting might not all be allowed for users to consent to. In addition, the app might be triggering the step-up/risk flow, as detailed here: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-risk-based-step-up-consent

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.