Do not allow user consent

Tyler Barnes 21 Reputation points
2024-07-22T22:25:21.61+00:00

I have turned on "Do not allow user consent" under consent and permissions for Enterprise Applications. When a user needs access to a 3rd party application, I get the prompt to allow the application for that user, but I see that it also says it will allow it for the entire org. This is what I desire. For instance, I want all users to be able to access Appointlet without me consenting to each user; however, it seems each user has to request consent. Where am I doing this wrong?

Assignment is not required

It is visible to users and enabled for users to sign in.

Microsoft Entra ID

Accepted answer
  1. Babafemi Bulugbe 3,705 Reputation points MVP
    2024-07-23T06:39:46.8633333+00:00

    Hello Tyler Barnes,

    Thank you for posting your query in the Microsoft Q&A community.

    You will be prompted for consent once you turn on "Do not allow user consent" under Consent and Permissions for Enterprise Applications as you have explained.

    To prevent this from happening, you can grant tenant-wide admin consent in Enterprise apps or the App registrations page for this application. By default, granting tenant-wide admin consent to an application allows all users to access the application unless otherwise restricted.

    Kindly click on the link below to see the steps to grant tenant-wide consent for each application.

    https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#grant-tenant-wide-admin-consent-in-enterprise-apps-pane

    However, when you grant tenant-wide admin consent to an application, you give the application access to the permissions requested on behalf of the whole organization. Granting admin consent on behalf of an organization is a sensitive operation, potentially allowing the application's publisher access to significant portions of your organization's data, or the permission to do highly privileged operations.

    So be sure of the application before proceeding.

    Also, you can grant consent to each user. Follow this link to learn more.

    https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-consent-single-user?pivots=msgraph-powershell

    Let me know if further assistance is required.

    Babafemi
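
Added example, not part of the original answer or of Microsoft's documentation: a check over delegated permission grants that tells a tenant-wide grant (`consentType` of `AllPrincipals`) apart from per-user grants (`consentType` of `Principal`) and lists requested scopes worth reviewing before consenting for the whole organization. The records are constructed and shaped like Microsoft Graph `oauth2PermissionGrant` objects; the IDs, the requested scopes for the app, and the `REVIEW_SCOPES` list are assumptions.

```python
# Added example: the records below are constructed, shaped like Microsoft Graph
# oauth2PermissionGrant objects (clientId, consentType, principalId, resourceId, scope).
SAMPLE_GRANTS = [
    {"clientId": "sp-appointlet", "consentType": "Principal",
     "principalId": "user-1", "resourceId": "sp-graph",
     "scope": "openid profile Calendars.ReadWrite"},
    {"clientId": "sp-appointlet", "consentType": "Principal",
     "principalId": "user-2", "resourceId": "sp-graph",
     "scope": "openid profile"},
    {"clientId": "sp-other", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph",
     "scope": "User.Read"},
]

# Assumption: a reviewer-chosen list of scopes that deserve a closer look
# before tenant-wide consent; adjust it to your own policy.
REVIEW_SCOPES = {"Mail.ReadWrite", "Files.ReadWrite.All",
                 "Directory.ReadWrite.All", "Calendars.ReadWrite"}


def consent_status(grants, client_id, resource_id, requested):
    """Summarise delegated consent for one app against one resource API."""
    requested = set(requested)
    tenant_wide, per_user = set(), {}
    for g in grants:
        if g["clientId"] != client_id or g["resourceId"] != resource_id:
            continue
        scopes = set((g.get("scope") or "").split())  # scope is space-separated
        if g["consentType"] == "AllPrincipals":
            tenant_wide |= scopes
        elif g["consentType"] == "Principal":
            per_user.setdefault(g["principalId"], set()).update(scopes)
    missing = requested - tenant_wide
    return {
        "tenant_wide": not missing,               # every requested scope covered org-wide
        "missing_tenant_wide": sorted(missing),   # scopes still lacking an org-wide grant
        "users_with_own_grant": sorted(per_user), # users covered only individually
        "review_before_consent": sorted(requested & REVIEW_SCOPES),
    }


if __name__ == "__main__":
    wanted = ["openid", "profile", "Calendars.ReadWrite"]
    print(consent_status(SAMPLE_GRANTS, "sp-appointlet", "sp-graph", wanted))
```

With the constructed data, the app has only per-user grants, which matches the situation in the question; once a grant with `consentType` of `AllPrincipals` covering the requested scopes exists, `tenant_wide` becomes true.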
