Submitting B2B App for Admin Consent

Severin Allekotte 0 Reputation points
2023-11-17T09:26:43.6266667+00:00

We have developed a B2B App which requires admin consent for some users of certain companies to authenticate. Do I have to submit my app to Microsoft Entra ID for admins to grant access to their users? Or is it just up to the admins to give consent? If I have to submit my app to Entra, is SSO a necessity?

Microsoft Entra ID

1 answer

  1. Carlos Solís Salazar 17,976 Reputation points MVP
    2023-11-17T12:05:30.4333333+00:00

    To address your query about submitting a B2B app for admin consent in Microsoft Entra ID, there are a few important aspects to consider:

    1. Admin Consent Requirement: For apps that require access to data or functionality in Azure AD on behalf of a user, admin consent is typically necessary. This is particularly true for apps needing permissions that can access sensitive data or make significant changes in the tenant.
    2. Submission to Microsoft Entra ID:
      • Microsoft Entra is a new identity and access brand from Microsoft, but the process of app registration and consent doesn't necessarily change with its introduction.
      • If your app requires consent for permissions that a regular user cannot grant, then admin consent is required. This doesn't always mean you have to submit the app to Microsoft directly unless specified in Microsoft's guidelines or if your app is intended for publication in the Azure Marketplace or similar platforms.
    3. SSO Necessity:
      • Single Sign-On (SSO) is not an inherent requirement for admin consent. However, if your app is designed to use Azure AD for authentication, implementing SSO can provide a smoother user experience and is often encouraged.
    4. Granting Admin Consent:
      • Admins can grant consent to an application either via the Azure portal or programmatically using PowerShell or Graph API, depending on the permissions your application requests.
      • The process involves the admin logging into the Azure portal, navigating to the app registration, and granting the necessary permissions.

    In summary, whether you need to submit your app to Microsoft Entra ID depends on the nature of your app and its integration with Azure services. The requirement for SSO is separate and is more about the design choice for user authentication within your app. Admins can grant consent through Azure portal mechanisms, which is a standard practice for enterprise applications requiring higher privileges or access to sensitive data.

    For detailed guidelines and procedures, it's recommended to refer to the official Microsoft identity platform documentation.

    Accept the answer if the information helped you. This will help us and others in the community as well.

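The answer above says a customer's admin grants consent themselves. As an added example (not part of the original thread and not Microsoft's code), this is one way the app side can send that admin to the Microsoft identity platform admin consent endpoint and validate the redirect that comes back. The client ID, redirect URI, tenant GUID and function names are constructed placeholders.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_admin_consent_url(tenant, client_id, redirect_uri, scope):
    """Return (url, state); keep state in the admin's session before redirecting."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id, "scope": scope,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORITY}/{tenant}/v2.0/adminconsent?{query}", state


def parse_consent_callback(callback_url, expected_state, expected_tenant=None):
    """Validate the redirect from the consent endpoint; return the tenant ID."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Check state first so a response we did not initiate is rejected outright.
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise PermissionError(f"{params['error']}: {params.get('error_description', '')}")
    if params.get("admin_consent", "").lower() != "true":
        raise PermissionError("admin consent was not granted")
    tenant = params.get("tenant", "")
    # The query string is unsigned: shape-check the tenant and treat it as a hint.
    if not GUID.match(tenant):
        raise ValueError("tenant is not a GUID")
    if expected_tenant and tenant.lower() != expected_tenant.lower():
        raise ValueError("consent came from an unexpected tenant")
    return tenant.lower()


if __name__ == "__main__":
    # Constructed sample values, not a real app registration or tenant.
    redirect = "https://app.example.com/consent/callback"
    url, state = build_admin_consent_url(
        "organizations", "11111111-2222-3333-4444-555555555555",
        redirect, "https://graph.microsoft.com/.default")
    print("Send the customer's admin to:", url)
    callback = (f"{redirect}?admin_consent=True"
                f"&tenant=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE&state={state}")
    print("Consent recorded for tenant:", parse_consent_callback(callback, state))
```

Because the redirect parameters are not signed, onboard the tenant only after a token issued for it carries the same tenant ID in its `tid` claim.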
