This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 21%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Hello,
I'm a little confused with the Approve action for Azure AD app consent. The approval action is defined as "Granting admin consent to the application will add it to your tenant and all users will be able to access it unless you restrict access to the application." However, I have noticed after approving a specific app that if another user requests the same application, a new consent request will be generated. Is this normal behavior?
Thanks,
Diego C
Can you confirm that app has all the perms admin granted for it?
My thought is that either its not been granted or a new permission was requested by the next request.
Hello Andy and thanks for the reply. I don't know if I understood it correctly but here is an example for one application:
Thanks,
DC
Hello @diegotconti , there are many types of consents experiences, some can replace others, some cannot. The first type that you mention allows a multi-tenant app (an app from another tenant) to be used. This an admin consent. The second type is a consent given by each user for his own personal/delegated permissions. This is a user consent. Both may be required depending on various factors like app permissions, policies, etc. That being said you can save the users from consenting their own personal/delegated permissions granting tenant-wide admin consent to an application.
For more information, please take a look to:
Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.
Thanks Alfredo. We do have a policy that allows users to consent only to verified publishers and if the defined permissions are met. The app consent workflow is also enabled. For apps that don't meet our policy, an admin would have to consent and here is where I'm confused. I was under the impression that by consenting one time for an app, we wouldn't have to consent again.
Hello @diegotconti , you're welcome! Do you need additional assistance? If not, please remember to accept it so that others in the community with similar questions can more easily find a solution.
Can you click on the admin consent menu and see if that has been allowed?
From the Admin Consent Tab, there are no consented permissions
Can you consent them under app registrations?
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#grant-admin-consent-in-app-registrations