Some users who belong to another tenant are not able to log in using our app with Single Sign-On

Fredrik Bålstedt 1 Reputation point
2024-05-21T09:56:20.8533333+00:00

How can another user log in to our app using Single Sign-On? When a user logs in, an admin needs to give permission.

Question: What is needed for an admin to give permission to our "app", and how is that done? The app is registered and works for some users, but sometimes it asks a new user to accept the app login with admin permission. How do we approve the app so that it stops asking for approval all the time? Please see the attached image.


Microsoft Entra ID

2 answers

  1. Babafemi Bulugbe 2,515 Reputation points MVP
    2024-05-21T16:47:08.4+00:00

    Hello Fredrik Bålstedt,

    Thank you for posting your question in the Microsoft Q&A Community.

    From my understanding, guest users cannot access an application due to approval issues.

    Please be informed that this results from the User consent for application settings in your tenant being set to No.

    There are a few ways to resolve this:

    Firstly, since you would like to approve permissions to the application without the need to always request consent, an admin can grant tenant-wide admin consent in the Enterprise App pane.

    Screenshot shows how to grant tenant-wide admin consent.

    Follow the link for more information: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#grant-tenant-wide-admin-consent-in-enterprise-apps-pane

    Secondly, you can change the User consent setting to "Allow user consent for apps from verified publishers" by going to the User settings under the Enterprise Application blade.

    Lastly, Under the Admin consent settings, you can allow users to request admin consent to apps and you can add the reviewers of this consent under the Users and Groups tabs as shown in the image below.


    With this in place, the admin will approve access to the application.

    Let me know if further assistance is needed.

    Babafemi


  2. Akhilesh 5,800 Reputation points Microsoft Vendor
    2024-05-27T14:46:21.5366667+00:00

    Hi @Fredrik Bålstedt

    Thank you for your post!

    To answer your question: admin consent, in the context of an application, particularly within Microsoft Entra ID, is a process where a privileged administrator grants permission to an application to access specific resources or data on behalf of all users within an organization. This is often required for applications that need to perform actions or access data that are beyond the scope of individual user permissions.
    To manage admin approval for an app using Single Sign-On (SSO), you typically need to adjust the consent settings within your admin portal.

    If the app is trusted and you want to avoid repeated consent prompts, you can grant tenant-wide admin consent.
    If you prefer not to grant tenant-wide consent, you can adjust the user consent settings to allow users to consent to apps on their own. https://learn.microsoft.com/en-us/microsoft-365/admin/misc/user-consent?view=o365-worldwide

    Hope this helps. Do let us know if you have any further queries.

    Thanks,
    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
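
Added example, not part of either answer and not Microsoft's code: when the affected users belong to another tenant, one way for the app owner to obtain the tenant-wide admin consent both answers describe is to send that tenant's administrator to the Microsoft identity platform admin consent endpoint and validate the redirect that comes back. The function names are hypothetical, and the tenant, client ID and redirect URI are constructed placeholders.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"

def build_admin_consent_url(tenant, client_id, redirect_uri, state,
                            scope="https://graph.microsoft.com/.default"):
    """URL that an administrator of `tenant` opens to grant tenant-wide consent."""
    query = urlencode({"client_id": client_id, "scope": scope,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORITY}/{tenant}/v2.0/adminconsent?{query}"

def parse_consent_callback(callback_url, expected_state):
    """Return the ID of the tenant that granted consent, or raise ValueError."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Reject callbacks that do not carry the state issued for this request (CSRF).
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:  # for example, the administrator declined the prompt
        raise ValueError(f"{params['error']}: {params.get('error_description', '')}")
    if params.get("admin_consent", "").lower() != "true" or "tenant" not in params:
        raise ValueError("callback does not confirm admin consent")
    return params["tenant"]

if __name__ == "__main__":
    import secrets
    state = secrets.token_urlsafe(16)  # keep server-side, tied to the admin's session
    # Constructed placeholder values, not taken from the thread.
    print(build_admin_consent_url("contoso.onmicrosoft.com",
                                  "00000000-0000-0000-0000-000000000000",
                                  "https://app.example.com/consent/callback", state))
    sample = ("https://app.example.com/consent/callback?admin_consent=True"
              "&tenant=11111111-1111-1111-1111-111111111111&state=" + state)
    print(parse_consent_callback(sample, state))
```

The redirect URI passed here must already be registered on the app registration, and the tenant ID returned should be recorded so the app knows which customer tenants have consented.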