Azure AD B2C service - Keep showing "Need admin approval" popup when there is calendars.read on the scope

Darman 0 Reputation points
2024-02-26T03:21:25.6233333+00:00

Hello, I always get the "Need admin approval" popup when trying to log in to my application.

I've tried looking for solutions from other discussions in Q&A but none of them helped. I have tried to apply it using application permissions from Microsoft Graph and the admin has given permission for the API permissions.

This is the implementation in my JavaScript code:

const msalConfig = {
  auth: {
    clientId: envconfig.REACT_APP_MICROSOFT, //Application (client) ID
    redirectUri: envconfig.REACT_APP_BASE_URL,
    postLogoutRedirectUri: envconfig.REACT_APP_BASE_URL,
  },
  cache: {
    cacheLocation: "localStorage",
  },
};

const msalRequest = { scopes: ["user.read", "calendars.read"] };
const msalClient = new msal.PublicClientApplication(msalConfig);

async function MsalLogin() {
  try {
    const authResult = await msalClient.loginPopup({
      scopes: msalRequest.scopes,
      prompt: "select_account",
    });

    localStorage.setItem("_microsoftAccount", authResult.account.username);

    return authResult;
  } catch (error) {
    console.error("MsalLogin error:", error);
    throw error;
  }
}

Previously I had asked about this, and someone gave the answer that the implementation of the script uses delegated permissions. Therefore I tried to register a new application on my Azure to add the calendars.read and user.read API from delegated permissions.

But it's the same, it still displays "Need admin approval". I want my application to be accessible by any tenant and with personal Microsoft accounts or work accounts. And also I want to use the Graph API to access the calendars.read API with delegated permission. I don't understand how delegated permissions work, but what I want is that permissions must be approved from the user's side, so that the admin doesn't need to give permission first and the "Need admin approval" popup doesn't appear. So, what options should I choose when registering my application and what configurations are important to do on my application in my Azure B2C? Can anyone help solve this problem? Thank you - Darman


1 answer

  1. Akshay-MSFT 17,916 Reputation points Microsoft Employee
    2024-02-27T06:56:31.5966667+00:00

    @Darman

    Thank you for posting your query on Microsoft Q&A. From the above description I understand that you are getting "Admin Approval" when consenting to the multitenant application published in the parent tenant.

    Please do correct me if this is not the ask by responding in the comments section.

    This error is triggered from the parent Entra ID tenant as the application is not verified. Kindly refer to: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/publisher-verification-and-app-consent-policies-are-now/ba-p/1257374

    As a workaround kindly try the following:

    User's image


    Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.

    Thanks, Akshay Kaushik
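
The thread turns on the difference between delegated and application permissions. The following Node.js sketch is an added example, not code from the question or the answer: it reads an access token's claims to show which kind was actually granted. The function names are hypothetical, the sample tokens are constructed, and it assumes delegated permissions appear in the `scp` claim and application permissions in `roles`.

```javascript
// Added example. Names are hypothetical and the sample tokens are constructed.
// Diagnostic only: the payload is decoded WITHOUT verifying the signature,
// so never use this result for an authorization decision.

function decodeSegment(segment) {
  // JWT segments are base64url; map back to the standard alphabet first.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function inspectGrantedPermissions(accessToken, requestedScopes) {
  const opaque = { opaque: true, delegated: [], application: [], missing: [...requestedScopes] };
  const parts = String(accessToken).split(".");
  if (parts.length !== 3) return opaque; // not a JWT, nothing to inspect

  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return opaque; // payload is not valid base64url-encoded JSON
  }
  if (!claims || typeof claims !== "object") return opaque;

  // `scp`: space-separated delegated permissions, exercised on behalf of a user.
  const delegated = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  // `roles`: application permissions granted to the app itself (app-only tokens).
  const application = Array.isArray(claims.roles) ? claims.roles : [];

  // Scope names are matched case-insensitively ("calendars.read" vs "Calendars.Read").
  const have = new Set(delegated.map((s) => s.toLowerCase()));
  const missing = requestedScopes.filter((s) => !have.has(s.toLowerCase()));
  return { opaque: false, delegated, application, missing };
}

// Builds an unsigned, constructed token for the demo below.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(claims), "constructed"].join(".");
}

const requested = ["user.read", "calendars.read"]; // scopes from the question's msalRequest
const userToken = makeSampleToken({ scp: "User.Read" });        // delegated, calendar not consented
const appToken = makeSampleToken({ roles: ["Calendars.Read"] }); // application permission only
console.log(inspectGrantedPermissions(userToken, requested));
console.log(inspectGrantedPermissions(appToken, requested));
```

With MSAL.js, the value to inspect is `authResult.accessToken` from the login call; a token that is not a three-part JWT is reported as opaque rather than parsed.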

