We registered our locally hosted Windows Admin Center Gateway (Server 2019, Admin Center Version 2009/Build 1.2.2009.21002) without issue. We then flipped on the option to add "Use Azure Active Directory to add a layer of security to the gateway". All pertinent users have been assigned the application in Azure AD/Enterprise Apps. However, we are seeing 2 issues:
Most users are not being prompted to sign into Azure AD. Some are, but it is not consistent as to who is or is not prompted. I am aware the Azure login is a supplemental prompt for access.
For those prompted, when attempting to sign in, they are met with an error that the app "...needs permission to access resources in your organization only an admin can grant." This also happens when attempting to sign in to Azure in the Windows Admin Center control panel. I double-checked the settings and they looked correct, specifically:
Manual Azure AD app configuration.
On paper this configuration seems straightforward, but it is not working. Does anyone have any ideas on what I am missing?