0 Votes
SriramS-3737 asked AlfredoRevilla commented

OAuth consent prompt coming even after admin consent is given

Hi,

I have registered a sample multi-tenant app in the Azure portal app registration requiring certain permissions to access Outlook mails. I also have a SaaS application which uses this app and requests OAuth tokens from users to read and send emails using Outlook.

There is a tenant with a set of users who want to use my app for configuring emails in the SaaS application. But the users in the tenant do not have admin privileges to give consent to the application. Based on MS documentation, admin has to give consent to the application using the v2-permissions-and-consent



I have configured a separate admin consent workflow also in the SaaS application. Even after the admin gives consent to the app, and the admin adds the users to the application in Azure AD, the users are shown the approval prompt when they try to log in to the application.

Ideally, once the app is approved in Azure AD Enterprise Applications, all the other users in the tenant should be able to use the application without any consent requirement. Could anyone help me understand what I am missing here?

Tags: azure-ad-authentication-protocols, azure-ad-enterpriseapps

@SriramS-3737
Thank you for your detailed post! In order to get a better understanding of your environment can you answer some of my questions below.

  • Are you able to share the documentation you followed to set this up?

  • Can you share a screenshot of the permissions you're requiring within your app registration?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·

@JamesTran-MSFT
Thank you for responding. Regarding your queries, here are the details.

  1. I followed this link, configure-admin-consent-workflow, to set up the admin consent workflow in my tenant.

  2. Here are the permissions that are required in my app registration:

61743-screenshot-2021-01-29-at-125321-pm.png


Although the admin consent is given, why are the users shown the following screen when they try to log in to the app using their email?

61739-screenshot-2021-01-29-at-125612-pm.png


0 Votes 0 ·

1 Answer

1 Vote
AlfredoRevilla answered AlfredoRevilla commented

Hi, once admin consent for the whole tenant is given, users should not be prompted unless they are guests, come from another tenant, or permissions have changed in the application without a second admin consent being done.


@AlfredoRevilla
Thank you for responding! That is the issue that I am facing. Ideally, once admin consent is given, all users within that tenant should be able to log in without any approval process. But I keep getting the approval prompt when I try to log in from a user account.

Here is the admin consent screenshot.
![61725-screenshot-2021-01-29-at-125321-pm.png][1]



The user account is also part of the same tenant as that of the admin.

0 Votes 0 ·

Try creating a new application registration, assigning exactly the permissions you need and consenting to them (using app registration, not enterprise). Let us know the result.

1 Vote 1 ·
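
One way to check the three conditions named in the answer above (guest user, user from another tenant, permissions not covered by admin consent) against a tenant's delegated permission grants. This is an added example, not part of the original thread. The grant records are constructed sample data shaped like Microsoft Graph `oauth2PermissionGrant` objects; all IDs are placeholders, and the `user` dict with its `home_tenant` key is a hypothetical structure.

```python
# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects
# (GET /v1.0/oauth2PermissionGrants). All IDs are placeholders.
SAMPLE_GRANTS = [
    {"clientId": "sp-app-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph-placeholder",
     "scope": "openid profile offline_access Mail.Read"},
    {"clientId": "sp-app-placeholder", "consentType": "Principal",
     "principalId": "user-admin-placeholder",
     "resourceId": "sp-graph-placeholder", "scope": "Mail.Send"},
]


def covered_scopes(grants, resource_id, user_id):
    """Scopes consented tenant-wide or for this user on one resource API."""
    covered = set()
    for g in grants:
        if g.get("resourceId") != resource_id:
            continue
        tenant_wide = g.get("consentType") == "AllPrincipals"
        personal = (g.get("consentType") == "Principal"
                    and g.get("principalId") == user_id)
        if tenant_wide or personal:
            covered |= {s.lower() for s in (g.get("scope") or "").split()}
    return covered


def prompt_reasons(grants, resource_id, requested, user, consent_tenant):
    """List the conditions from the answer that apply to this sign-in.

    `user` is a hypothetical dict: id, userType, home_tenant.
    """
    reasons = []
    if user.get("userType") == "Guest":
        reasons.append("user is a guest")
    if user.get("home_tenant") != consent_tenant:
        reasons.append("user comes from another tenant")
    have = covered_scopes(grants, resource_id, user.get("id"))
    missing = sorted({s.lower() for s in requested} - have)
    if missing:
        reasons.append("no consent on record for: " + " ".join(missing))
    return reasons


if __name__ == "__main__":
    member = {"id": "user-1", "userType": "Member", "home_tenant": "tenant-a"}
    print(prompt_reasons(SAMPLE_GRANTS, "sp-graph-placeholder",
                         ["Mail.Read", "Mail.Send"], member, "tenant-a"))
```

In the sample, `Mail.Send` was consented only for the admin's own account (`consentType` of `Principal`), so an ordinary member requesting it is still prompted, while the admin is not.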