question

Infpk-4478 avatar image
0 Votes"
Infpk-4478 asked phsignor answered

Admin consent for OAUTH applications

What is the user experience if you enable tenant wide admin consent for previously on boarded OAUTH applications?

Can you enable admin consent app by app

azure-ad-enterpriseapps
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered Infpk-4478 commented

Hi @Infpk-4478 • Thank you for reaching out.

Are you talking about enabling the admin consent workflow, as documented HERE?

If yes, the change will affect previously registered OAuth applications as well. That means, if the application require permissions that need admin approval, user will be provided with a form to request for approval and provide a justification, as shown below.

133156-image.png

When admin consent workflow is NOT enabled, users don't get an option to request approval by providing a justification. In that case, admin has to grant consent by either navigating to the Azure Portal > App Registration > your-app > api permissions or by accessing the application and provide organization wide consent by selecting the checkbox highlighted below:

133146-image.png

  • Can you enable admin consent app by app?

No, this setting is tenant wide setting and cannot be enabled on per application basis.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


image.png (33.2 KiB)
image.png (26.5 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for responding!
Per app basis, what settings I can enable or configure so that my users that have already been on boarded, are not affected.

End goal is to enable admin consent but to do so without disrupting my end users lives. Or limit it.

0 Votes 0 ·
phsignor avatar image
0 Votes"
phsignor answered

Changing the user consent setting only applies to consent events which take place after you make the change. If a user has already granted consent to an application, that user will continue to be able to sign in to and use that application. Only users who have not already granted consent and used the app will be blocked from granting consent themselves.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.