Configure the way end-users consent to an application in Azure Active Directory
Learn how to configure the way users consent to application permissions. You can simplify the user experience by granting admin consent. This article gives the different ways you can configure user consent. The methods apply to all end users in your Azure Active Directory (Azure AD) tenant.
For more information on consenting to applications, see Azure Active Directory consent framework.
Granting admin consent requires you to sign in as global administrator, an application administrator, or a cloud application administrator.
To restrict access to applications, you need to require user assignment and then assign users or groups to the application. For more information, see Methods for assigning users and groups.
Grant admin consent to enterprise apps in the Azure portal
To grant admin consent to an enterprise app:
- Sign in to the Azure portal as a global administrator, an application administrator, or a cloud application administrator.
- Click All services at the top of the left-hand navigation menu. The Azure Active Directory Extension opens.
- In the filter search box, type "Azure Active Directory" and select the Azure Active Directory item.
- From the navigation menu, click Enterprise applications.
- Select the app for consent.
- Select Permissions and then click Grant admin consent. You'll be prompted to sign in to administrate the application.
- Sign in with an account that has permissions to grant admin consent for the application.
- Consent to the application permissions.
This option only works if the application is:
- Registered in your tenant, or
- Registered in another Azure AD tenant, and consented by at least one end user. Once an end user has consented to an application, Azure AD lists the application under Enterprise apps in the Azure portal.
Grant admin consent when registering an app in the Azure portal
To grant admin consent when registering an app:
- Sign in to the Azure portal as a global administrator.
- Navigate to the App Registrations blade.
- Select the application for the consent.
- Select API permissions.
- Click Grant admin consent.
Grant admin consent through a URL request
To grant admin consent through a URL request:
- Construct a request to login.microsoftonline.com with your app configurations and append on
&prompt=admin_consent. This URL will look like:
- After signing in with admin credentials, the app has been granted consent for all users.
Force user consent through a URL request
To require end users to consent to an application each time they authenticate, append
&prompt=consent to the authentication request URL.
This URL will look like: