Styjun

Is it possible to take a database offline when doing a backup using an SQL job?

What would happen if I build a half bath without permits?

Why do Russians sometimes spell "жирный" (fatty) as "жырный"?

What is the meaning of colored vials next to some passive skills

How to export all graphics from a notebook?

Can a passenger predict that an airline is about to go bankrupt?

Loyalist Primarch return conditions

How do I introduce dark themes?

Speed and Velocity in Russian

Top off gas with old oil, is that bad?

French license plates

Can RPi4 run simultaneously on dual band (WiFi 2.4GHz / 5GHz)?

Sci-fi movie with one survivor and an organism(?) recreating his memories

Worlds with different mathematics and logic

Duck, duck, gone!

A word that refers to saying something in an attempt to anger or embarrass someone into doing something that they don’t want to do?

Science fiction episode about the creation of a living pegasus, even though flightless

Would an object shot from earth fall into the sun?

I transpose the source code, you transpose the input!

What are one's options when facing religious discrimination at the airport?

Why would an airline put 15 passengers at once on standby?

How is the Apple Watch ECG disabled in certain countries?

Does AES-ECB with random padding added to each block satisfy IND-CPA?

Why is a road bike faster than a city bike with the same effort? How much faster it can be?

How to fix “ AADSTS90094: This application requires application permissions to another application” error after giving admin consent

Why Azure AD fails to login non-admins in multi-tenant scenario?Azure ADAL with Xamarin, No admin consent errorHow to get access token for web api from native app in other tenant?Azure AD User login fails even after admin consent in multi tenant web appHow can I trigger admin consent flow for a native multitenant app?Azure AD multitenant non-admin cant login - requires consent from adminHow to allow non-admin users to authenticate via OAuth2.0 for tenants where users are not allowed to consent apps on their behalf?Azure AD + Graph API: How to reconsent after new permissions?Applications created in v2 endpoint, how to grant admin consent for all users in my tenantAADSTS90094: “The grant requires admin permission ” but admin consent but was already grantedAzure AD Consent when adding a permission requiring Admin consent

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

I recently requested new application permissions in my multi-tenanted Azure AD App so that I can access the Graph API. I'm using adal.js to authentication users in a web app, while the actual requests to Graph are made on a node server using adal-node and a certificate.

The new permissions work. I'm able to access Graph using application permissions, and have not had any issues with node server.

The problem is that now whenever admins login to the web app (using `adal.js), they get presented with the consent screen, no matter how many times they consent. Non-admin users are presented with the "Need Admin Approval" screen whenever they login, stopping them from being able to login at all.

I've tried this across different tenancies with the same results. I've also tried approving the permissions through azure.portal.com and removing the app entirely from a tenancy and approving them again.

I've also tried taking away the new permissions and reverting to the old permissions. No matter what, users are hitting the "Need admin approval" screen.

User login code

public login(): void 
 this.adalContext.login();

Admin login code

public adminLogin(): void 
 this.adalContext.config.displayCall = (urlNavigate) => 
 let url = urlNavigate + "&prompt=admin_consent";
 this.adalContext.promptUser(url);
 ;
 this.adalContext.login();

To be clear, this app had been running fine for over a month. It's only once I changed the permissions that this began happening.

permissions azure-active-directory multi-tenant adal adal.js

share|improve this question

edited Mar 28 at 20:49

lworkman

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @RohitSaigal I think that refers to the Microsoft API's I'm asking permission to. Regardless, I found the answer in a different StackOverflow question and posted it below.
  
  – lworkman
  Mar 28 at 20:51
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  ok makes sense.. I took it out once I saw your answer posted at almost the same time..
  
  – Rohit Saigal
  Mar 28 at 21:00
  

  
  
  
  

add a comment
 | 

1

I recently requested new application permissions in my multi-tenanted Azure AD App so that I can access the Graph API. I'm using adal.js to authentication users in a web app, while the actual requests to Graph are made on a node server using adal-node and a certificate.

The new permissions work. I'm able to access Graph using application permissions, and have not had any issues with node server.

The problem is that now whenever admins login to the web app (using `adal.js), they get presented with the consent screen, no matter how many times they consent. Non-admin users are presented with the "Need Admin Approval" screen whenever they login, stopping them from being able to login at all.

I've tried this across different tenancies with the same results. I've also tried approving the permissions through azure.portal.com and removing the app entirely from a tenancy and approving them again.

I've also tried taking away the new permissions and reverting to the old permissions. No matter what, users are hitting the "Need admin approval" screen.

User login code

public login(): void 
 this.adalContext.login();

Admin login code

public adminLogin(): void 
 this.adalContext.config.displayCall = (urlNavigate) => 
 let url = urlNavigate + "&prompt=admin_consent";
 this.adalContext.promptUser(url);
 ;
 this.adalContext.login();

To be clear, this app had been running fine for over a month. It's only once I changed the permissions that this began happening.

permissions azure-active-directory multi-tenant adal adal.js

share|improve this question

edited Mar 28 at 20:49

lworkman

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @RohitSaigal I think that refers to the Microsoft API's I'm asking permission to. Regardless, I found the answer in a different StackOverflow question and posted it below.
  
  – lworkman
  Mar 28 at 20:51
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  ok makes sense.. I took it out once I saw your answer posted at almost the same time..
  
  – Rohit Saigal
  Mar 28 at 21:00
  

  
  
  
  

add a comment
 | 

I recently requested new application permissions in my multi-tenanted Azure AD App so that I can access the Graph API. I'm using adal.js to authentication users in a web app, while the actual requests to Graph are made on a node server using adal-node and a certificate.

The new permissions work. I'm able to access Graph using application permissions, and have not had any issues with node server.

The problem is that now whenever admins login to the web app (using `adal.js), they get presented with the consent screen, no matter how many times they consent. Non-admin users are presented with the "Need Admin Approval" screen whenever they login, stopping them from being able to login at all.

I've tried this across different tenancies with the same results. I've also tried approving the permissions through azure.portal.com and removing the app entirely from a tenancy and approving them again.

I've also tried taking away the new permissions and reverting to the old permissions. No matter what, users are hitting the "Need admin approval" screen.

User login code

public login(): void 
 this.adalContext.login();

Admin login code

public adminLogin(): void 
 this.adalContext.config.displayCall = (urlNavigate) => 
 let url = urlNavigate + "&prompt=admin_consent";
 this.adalContext.promptUser(url);
 ;
 this.adalContext.login();

To be clear, this app had been running fine for over a month. It's only once I changed the permissions that this began happening.

permissions azure-active-directory multi-tenant adal adal.js

share|improve this question

edited Mar 28 at 20:49

lworkman

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

public login(): void 
 this.adalContext.login();

public adminLogin(): void 
 this.adalContext.config.displayCall = (urlNavigate) => 
 let url = urlNavigate + "&prompt=admin_consent";
 this.adalContext.promptUser(url);
 ;
 this.adalContext.login();

share|improve this question

edited Mar 28 at 20:49

lworkman

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

share|improve this question

edited Mar 28 at 20:49

lworkman

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

asked Mar 28 at 19:52

lworkmanlworkman

1644 bronze badges

1 Answer
1

active

oldest

votes

1

The answer to this question ended up helping me: Why Azure AD fails to login non-admins in multi-tenant scenario?

Since I was requesting only application permissions, Azure AD defaults to always asking for consent whenever a user logs in. Once I added one delegated permission (Microsoft.Graph.User.Read), the consent prompt disappeared.

I must have accidentally missed this permission while going through the process of adding and removing them during my troubleshooting.

share|improve this answer

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges

add a comment
 | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55405843%2fhow-to-fix-aadsts90094-this-application-requires-application-permissions-to-a%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

The answer to this question ended up helping me: Why Azure AD fails to login non-admins in multi-tenant scenario?

Since I was requesting only application permissions, Azure AD defaults to always asking for consent whenever a user logs in. Once I added one delegated permission (Microsoft.Graph.User.Read), the consent prompt disappeared.

I must have accidentally missed this permission while going through the process of adding and removing them during my troubleshooting.

share|improve this answer

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges

add a comment
 | 

1

The answer to this question ended up helping me: Why Azure AD fails to login non-admins in multi-tenant scenario?

Since I was requesting only application permissions, Azure AD defaults to always asking for consent whenever a user logs in. Once I added one delegated permission (Microsoft.Graph.User.Read), the consent prompt disappeared.

I must have accidentally missed this permission while going through the process of adding and removing them during my troubleshooting.

share|improve this answer

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges

add a comment
 | 

The answer to this question ended up helping me: Why Azure AD fails to login non-admins in multi-tenant scenario?

Since I was requesting only application permissions, Azure AD defaults to always asking for consent whenever a user logs in. Once I added one delegated permission (Microsoft.Graph.User.Read), the consent prompt disappeared.

I must have accidentally missed this permission while going through the process of adding and removing them during my troubleshooting.

share|improve this answer

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges

share|improve this answer

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges

answered Mar 28 at 20:49

lworkmanlworkman

1644 bronze badges