Configure the way end-users consent to an application in Azure Active Directory

Learn how to configure the way users consent to application permissions. You can simplify the user experience by granting admin consent. This article gives the different ways you can configure user consent. The methods apply to all end users in your Azure Active Directory (Azure AD) tenant.

For more information on consenting to applications, see Azure Active Directory consent framework.

Prerequisites

Granting admin consent requires you to sign in as global administrator, an application administrator, or a cloud application administrator.

To grant admin consent to an enterprise app:

  1. Sign in to the Azure portal as a global administrator, an application administrator, or a cloud application administrator.
  2. Click All services at the top of the left-hand navigation menu. The Azure Active Directory Extension opens.
  3. In the filter search box, type "Azure Active Directory" and select the Azure Active Directory item.
  4. From the navigation menu, click Enterprise applications.
  5. Click Grant Admin Consent. You'll be prompted to sign in to administrate the application.
  6. Sign in with an account that has permissions to grant admin consent for the application.
  7. Consent to the application permissions.

This option only works if the application is:

  • Registered in your tenant, or
  • Registered in another Azure AD tenant, and consented by at least one end user. Once an end user has consented to an application, Azure AD lists the application under Enterprise apps in the Azure portal.

To grant admin consent when registering an app:

  1. Sign in to the Azure portal as a global administrator.
  2. Navigate to the App Registrations blade.
  3. Select the application for the consent.
  4. Select Required Permissions.
  5. Click Grant Permissions at the top of the blade.

To grant admin consent through a URL request:

  1. Construct a request to login.microsoftonline.com with your app configurations and append on &prompt=admin_consent.
  2. After signing in with admin credentials, the app has been granted consent for all users.

To require end users to consent to an application each time they authenticate, append &prompt=consent to the authentication request URL.

Next steps

Consent and Integrating Apps to AzureAD

Consent and Permissioning for AzureAD v2.0 converged Apps

AzureAD StackOverflow