Need admin approval error with users from another organization.

Marcus Paiva 0 Reputation points
2024-10-13T15:53:58.7966667+00:00

I'm configuring an app in my organization to allow users to log in through external accounts (both personal and organizational) to access their data through the Microsoft Graph API. Additionally, the "other organization" refers to another account that I have created to run some tests.

I have configured the app as multi-tenant.

And gave the following permissions (I already tried to give the consent but it didn't work):


With the admin account from the organization I can do the consent process, but with other "normal" accounts from the organization I keep having the same error:

My app has the status "Publish verified"

I have made some searches and found this link: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#grant-tenant-wide-admin-consent-in-enterprise-apps-pane

But it's not very clear to me. I followed the steps and tried to consent through the admin flow with my organization account and the external organization account, but I keep receiving the same error: "need admin approval".


1 answer

  1. Andy David - MVP 148.1K Reputation points MVP
    2024-10-13T16:43:38.58+00:00

    Application perms would be really bad here. You prob want the scope set to delegated so users can only access the calendars they already have access to.

    If users are logging onto your app as themselves, then I would expect your app to request delegated permissions, not application.

    https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview

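The delegated-versus-application distinction raised in the answer can be checked directly in an app registration's manifest, where each requested permission is listed under `requiredResourceAccess` with `type` set to `Scope` (delegated) or `Role` (application). The following is an added example, not part of the original question or answer; the permission GUIDs in the sample are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample of the "requiredResourceAccess" section of an app manifest.
# resourceAppId is the well-known Microsoft Graph application ID; the permission
# "id" values are placeholders, not real permission IDs.
SAMPLE_MANIFEST = json.loads("""
{
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000003-0000-0000-c000-000000000000",
      "resourceAccess": [
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
        {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}
      ]
    }
  ]
}
""")


def classify(manifest):
    """Split requested permissions into (delegated, application) lists."""
    delegated, application = [], []
    for resource in manifest.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            entry = (resource["resourceAppId"], access["id"])
            if access["type"] == "Scope":
                delegated.append(entry)      # acts as the signed-in user
            elif access["type"] == "Role":
                application.append(entry)    # acts as the app, no user context
            else:
                raise ValueError(f"unknown permission type: {access['type']!r}")
    return delegated, application


def review_for_user_sign_in(manifest):
    """Findings for an app where users sign in as themselves."""
    _, application = classify(manifest)
    return [
        f"{perm_id} on {resource_id}: application permission (type 'Role'); "
        "always requires admin consent and is not limited to the user's own data"
        for resource_id, perm_id in application
    ]


if __name__ == "__main__":
    for finding in review_for_user_sign_in(SAMPLE_MANIFEST):
        print(finding)
```

Entries of type `Scope` can still trigger the admin approval prompt, depending on the permission and on the user consent settings of the tenant the user signs in from.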
