I have registered a sample multi-tenant app in the Azure portal app registration, requiring certain permissions to access Outlook mail. I also have a SaaS application which uses this app and requests OAuth tokens from users to read and send emails using Outlook.
There is a tenant with a set of users who want to use my app for configuring emails in the SaaS application. But the users in the tenant do not have admin privileges to give consent to the application. Based on MS documentation, an admin has to give consent to the application using the v2-permissions-and-consent.
I have also configured a separate admin consent workflow in the SaaS application. Even after the admin gives consent to the app, and the admin adds the users to the application in Azure AD, the users are shown the approval prompt when they try to log in to the application.
Ideally, once the app is approved in Azure AD Enterprise Applications, all the other users in the tenant should be able to use the application without any consent requirement. Could anyone help me understand what I am missing here?