


@atcaoyufei, Thanks for leveraging the Azure docs feedback channel to raise this question. Could you please share the Azure documentation to which this feedback applies and also describe more details about your scenario?
Organization A Create Application
Organization B member authorized to log in
Need admin approval
@atcaoyufei, Thanks for the response and sharing additional details.
As mentioned in my previous post, it would greatly help if you could share the Azure documentation to which this feedback applies. I believe you are referring to the documentation 'Configure the admin consent workflow (preview)'; please confirm this or share the specific Azure document for focused assistance.
As I do understand you have configured the admin consent workflow, could you also please share some more details about your problem so we can assist you better while I check on this with the Azure Active Directory subject matter expert.
@atcaoyufei There are certain permissions that require admin approval only. For example, in the screenshot below, the permissions where admin consent required is set to 'Yes' would not accept user consent. Only the permissions where admin consent required is set to '-' can be consented to by users.

So regardless of whether this option is set to yes or no:

only an administrator can consent to the permissions for which admin consent required is 'Yes'.
scope: offline_access Files.ReadWrite.All
@amanmcse
@atcaoyufei Could you please share the complete request URL which initiate the consent framework?
@amanmcse
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4bb69ea8-1fd8-4dcf-a493-d023f7e8e432&redirect_uri=https%3A%2F%2Fpy-index.github.io&response_type=code&state=debug&scope=offline_access+Files.ReadWrite.All&prompt=consent
@atcaoyufei I constructed the same URL with the client_id of the application in my tenant and am not getting the "Need Admin Approval" message. You can test with the URL below:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=b6f346ba-c900-4633-9f0d-e8000d97dc8e&redirect_uri=https://py-index.github.io&response_type=code&state=debug&scope=offline_access+Files.ReadWrite.All&prompt=consent
You can try registering a new application and try again. If you still face this issue, I would suggest you open a Support Request, as this is not expected behavior and requires deeper troubleshooting.