![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 18%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,601 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 55.00000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello @Chencheng Ji,
Based on the error screenshot which you have provided, I understand that it is asking for admin consent approval to access the application.
When you grant tenant-wide admin consent to an application, you give the application access to the permissions requested on behalf of the whole organization. Granting admin consent on behalf of an organization is a sensitive operation, potentially allowing the application's publisher access to significant portions of your organization's data, or the permission to do highly privileged operations.
By default, granting tenant-wide admin consent to an application allows all users to access the application unless otherwise restricted. To restrict which users can sign-in to an application, configure the app to require user assignment and then assign users or groups to the application.
Important
Granting tenant-wide admin consent may revoke permissions that have already been granted tenant-wide for that application. Permissions that users have already granted on their own behalf aren't affected.
Prerequisites
Granting tenant-wide admin consent requires you to sign in as a user that is authorized to consent on behalf of the organization.
To grant tenant-wide admin consent, you need:
- A Microsoft Entra user account with one of the following roles:
- Privileged Role Administrator, for granting consent for apps requesting any permission, for any API.
- Cloud Application Administrator or Application Administrator, for granting consent for apps requesting any permission for any API, except Microsoft Graph app roles (application permissions).
- A custom directory role that includes the permission to grant permissions to applications, for the permissions required by the application.
Grant tenant-wide admin consent in Enterprise apps pane
You can grant tenant-wide admin consent through the Enterprise applications pane if the application is already provisioned in your tenant. For example, an app could be provisioned in your tenant if at least one user consents to the application. For more information, see How and why applications are added to Microsoft Entra ID.
To grant tenant-wide admin consent to an app listed in Enterprise applications pane:
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Entra ID > Enterprise apps > All applications.
- Enter the name of the existing application in the search box, and then select the application from the search results.
- Select Permissions under Security.
- Carefully review the permissions that the application requires. If you agree with the permissions the application requires, select Grant admin consent.
Grant admin consent in App registrations pane
You can grant tenant-wide admin consent from App registrations in the Microsoft Entra admin center for applications your organization develops and registers directly in your Microsoft Entra tenant.
To grant tenant-wide admin consent from App registrations:
- On the Microsoft Entra admin center, browse to Entra ID > App registrations > All applications.
- Enter the name of the existing application in the search box, and then select the application from the search results.
- Select API permissions under Manage.
- Carefully review the permissions that the application requires. If you agree, select Grant admin consent.
Please refer to the below document if you have any queries.
Grant tenant-wide admin consent to an application - Microsoft Entra ID | Microsoft Learn
I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".