question

ArashNiknafs-0051 avatar image
0 Votes"
ArashNiknafs-0051 asked ·

Azure Web App - Authorization - "Need admin approval"

Hi,

I have setup a Web App in Azure (it sits insides a repository which is pushed into a container registry by an ADO pipeline).

I have registered the app in Azure Active Directory and I have been trying to restrict the access to App to a small number of internal employees.

However, the end users keep getting "Need admin approval" message as shown below:

68764-image.png


The users are added to the registered app inside the AAD and have the "Default Access" for their "Role assigned".

My online search has led me to changing the restrictions in the following screenshot:

68717-image.png

However, I don't have access to do that. Those are greyed out.

I also tried granting the users access through the following but again I don't have the access to do so:

68772-image.png

Please advise. Thanks! [2]: /answers/storage/attachments/68717-image.png


azure-active-directory
image.png (47.9 KiB)
image.png (73.9 KiB)
image.png (170.0 KiB)
· 1
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MathewJamesUSTIN-8501 avatar image MathewJamesUSTIN-8501 ·

In your authConfig.js, look into a parameter called loginRequest

// Add here scopes for id token to be used at MS Identity Platform endpoints.
const loginRequest = {
scopes: ["User.Read"]
};

In the above you might have added something called Prompt: “consent” (as indicated below). Remove this line. Only scopes: ["User.Read"] is required. This should solve the issue.

// Add here scopes for id token to be used at MS Identity Platform endpoints.
const loginRequest = {
scopes: ["User.Read"]
prompt: “consent”
};

0 Votes 0 ·

2 Answers

MarileeTurscak avatar image
0 Votes"
MarileeTurscak answered ·

Hi @ArashNiknafs-0051,

Granting tenant-wide admin consent requires you to sign in as a Global Administrator, an Application Administrator, or a Cloud Application Administrator. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent

(And to grant admin consent on Microsoft Graph, you need global administrator privileges.)

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent#prerequisites

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#:~:text=Sign%20in%20to%20the%20Azure,then%20click%20Grant%20admin%20consent.

·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ArashNiknafs-0051 avatar image
0 Votes"
ArashNiknafs-0051 answered ·

@MarileeTurscak @MathewJamesUSTIN-8501 Thank you both for your replies!

I have tried several paths and talked with different teams. It seems that we would need to get an admin consent as Marilee mentioned in her answer.

However, the link there is pointing to instructions on how an admin would have done this. Developers like me won't be able to do that. The instructions on how to request admin consent are not clear and seem to be out-of-date.

I have been advised to create a ticket here with Azure and ask them for that admin consent.

Would that be in here? The Azure Support portal was a bit confusing. The only support I see there is community support.

Thanks again!

·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.