Microsoft Graph API - Not able to authenticate and get Access Token on behalf of other user

Kanchan Kumari 96 Reputation points
2020-10-25T17:57:28.447+00:00

Hi,

I have registered my app on the Microsoft azure portal (app registrations) and want to use Microsoft Graph API.

I had followed the below Microsoft Graph documentation to get Access Token on behalf of the user and use Microsoft Graph APIs further:
https://learn.microsoft.com/en-us/graph/auth-v2-user

Earlier I was able to get Access Token on behalf of all the users to call Microsoft Graph APIs after app registration.
By mistake, I deleted the previous app registration. And now when I have again registered the app, I am able to get the access token only for the users having a personal Microsoft account.
I am not able to get an access token on behalf of the user who wants to authenticate from their organizational Microsoft accounts and create an access token.
I am getting below error when I try to authenticate via my organization account to get access token:
" Need admin approval. This app may be risky. If you trust this app, please ask your admin to grant you access. "

Could you please let me the reason why earlier all accounts were authenticated and access token was generated? But now only personal Microsoft accounts are authenticated and not organisational accounts for access token generation.

Thanks a lot.

Kind regards,
Kanchan

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,649 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,352 questions
{count} votes

Accepted answer
  1. Kanchan Kumari 96 Reputation points
    2020-10-28T11:39:30.703+00:00

    Hi James,

    Thanks a lot for your help.

    I am attaching the screenshots as per your request:

    1. The complete Authorize request I am sending:
      35761-auth-request.png
    2. Application's API permissions: 35706-api-permission.png

    Kindly let me know in case you need any further information.

    Best regards,
    Kanchan


2 additional answers

Sort by: Most helpful
  1. Kanchan Kumari 96 Reputation points
    2020-10-27T05:19:17.86+00:00

    Hi James,

    Thanks a lot for your reply and input.

    But I would like to mention that I have already selected the option as below but still facing the reported issue:
    --> Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

    35305-app-registeration-config.png

    Kindly refer the screenshot for the same.

    Request you to please help me further to resolve the issue.

    Kind regards,
    Kanchan


  2. Kanchan Kumari 96 Reputation points
    2020-10-29T05:33:08.37+00:00

    Hi James,

    Thanks a lot for your support.
    Now the issue is resolved.

    Kind regards,
    Kanchan

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.