Does microsoft graph scope require admin consent for delegated permissions

WMio Connectors 121 Reputation points
2020-03-11T09:19:44.903+00:00

I created OAuth app and selected delegated permissions of Microsoft graph which doesn't have admin consent required. But when i try to authorize with some other tenant user, it is prompting message as "Your needs permission to access resources in your organisation that only an admin can grant. Please ask an admin to grant permission to this app before you can use it". How can i overcome without going to admin as I not selected admin consent required scope

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,505 questions
0 comments No comments
{count} votes

Accepted answer
  1. soumi-MSFT 11,761 Reputation points Microsoft Employee
    2020-03-24T10:40:43.16+00:00

    @WMio Connectors , The following Admin consent page is coming up because of the following option set to "No" [Please refer to the screenshot]
    5651-entapp.png

    If this option is set to "No" normal users wont be able to provide user consent. If you want to go ahead with this option set to "No" and still want to Multitenant App to work, the only other option is to use the "Admin Consent Requests (Preview)" and set that to "Yes". Doing this, the normal user while accessing the app and entering the username and password, he/she would get the consent page and would ask the user to provide a justification for the Admin to approve. Once the admin approves it, the user would be able to access the app, and in the backend the app's service principal would get added to the user's tenant.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    0 comments No comments

16 additional answers

Sort by: Most helpful
  1. WMio Connectors 121 Reputation points
    2020-03-13T10:37:34.703+00:00

    @soumi-MSFT I am trying some alternate permissions which are useful to create SharePoint subscriptions and file/folder related operations. I am selecting only delegated permissions in which user consent is not required, But still, I am getting the admin consent required screen. I attached a screenshot of the screen which I am getting. Right now I selected only one delegated permission, but still getting the same issue. One thing here is I am getting this issue for the user who has an account with personal domain, not onmicrosoft.com domain

    4381-azureportalpermissions.png

    4352-consent-screen.pngpng

    0 comments No comments

  2. WMio Connectors 121 Reputation points
    2020-03-20T10:40:00.067+00:00

    any update here @soumi-MSFT


  3. WMio Connectors 121 Reputation points
    2020-03-21T08:42:30.95+00:00

    Thanks @soumi-MSFT .
    I Tried end-user with site admin and also with normal company user(not guest user). We have SSO login for this

    Application developer by user is wmioconnectors@ipaasaccounts.onmicrosoft.com(ipassaccounts tenant)

    I Will let you know via email for call timings. I am from IST and looking for a call either on Monday or Tuesday of next week. Can you let me know which time zone you are belonging to? so that we can have a call which suitable for both


  4. WMio Connectors 121 Reputation points
    2020-03-23T08:28:55.937+00:00

    @soumi-MSFT I setup a call at 16:00IST today. I also send the mail . let me know if you want to change the time

    0 comments No comments