Share via

Need Admin Approval popup

Suchai Tammewar 65 Reputation points
2024-01-16T17:37:30.5966667+00:00

Hi Team, Previously, My app was a single tenant and faced an issue related to Application was not found in Directory "XXXX", later when I made the application to be as "multi-Tenant" then the issue above issue is resolved, but when I try to click on button to launch the URL in new tab, it says now as below.

"Need admin approval unverified needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it."

I tried providing access to the API Permissions with user.Read and delegate.Read and provided the admin consent as NO too. but still it is showing as "Need admin approval".

Do I need to provide any extra API permissions like user.ReadAll? also in User settings do I need to make the admin consent to be marked as NO "Allow Always with Consent?"

without making the changes in the user settings and if at application level in Active directory to mark the user.ReadAll and delegate.ReadAll as enabled and provided the consent, does that work? Thanks, Suchai

Microsoft Security Microsoft Entra Microsoft Entra ID
Accepted answer
  1. Navya 19,795 Reputation points Microsoft External Staff Moderator
    2024-01-17T09:50:00.4366667+00:00

    Hi @Suchai Tammewar

    Thank you for posting this in Microsoft Q&A.

    I understand that you are facing an issue related to admin approval while trying to access resources in your organization using a multi-tenant application in Microsoft Entra ID.

    Enabling user.ReadAll and delegate.ReadAll permissions in the Azure AD application registration and providing admin consent should work, but it is important to carefully consider the permissions your application requires and only request the minimum necessary permissions.

    Follow below steps to fix Need Admin Approval popup.

    1.Make sure to grant tenant-wide admin consent in Enterprise apps pane.
    https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#grant-tenant-wide-admin-consent-in-enterprise-apps-pane

    2.Enabling app registration by users in the Microsoft Entra admin center

    1. Sign in to the Microsoft Entra admin center.
    2. In the menu on the left, go to Azure Active Directory (or Identity) > Users > User settings.
    3. Enable the Users can register applications option by setting the toggle button to Yes and click Save to apply your changes.

    3.Allowing user consent for apps in the Microsoft Entra admin center

    1. Sign in to the Microsoft Entra admin center.
    2. Go to Azure Active Directory (or Identity) > Applications > Enterprise applications > Consent and permissions.
    3. Under User consent for applications, select Allow user consent for apps and click Save.

    Hope this helps. Do let us know if you any further queries.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    Thanks,
    Navya.

    2 people found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.