Hi @Emanuel Borsoi •
I understand that you're encountering an issue with specific users receiving a message that "an approval or an administrator is needed" when trying to access your web app via Microsoft Graph can stem from several factors related to permissions and user roles within Microsoft Entra ID.
If users are receiving the consent prompt, they may be accessing the application with the prompt=consent parameter in the URL. When this parameter is included, the application will prompt for consent every time, even if consent has already been granted.
Since you mentioned that some users are seeing the consent prompt, I suggest reviewing the logs or checking the URL when the user is signing into the application to see if it includes prompt=consent. If this parameter is present, the user will be asked to grant admin consent each time they access the application, even if admin consent has already been provided in the Azure portal.
If the URL contains prompt=consent during sign-in, this will trigger the user to grant admin consent repeatedly. In this case, compare the permissions requested in the URL with the permissions that have been admin-consented to the application.
To resolve this issue, for more information, refer to these articles: Solved: "Need admin approval" or "Approval required" AADSTS90094 error during Microsoft sign-in.
Hope this helps. Do let us know if you have any further queries.
Best Regards.
Harshitha Eligeti