This error is occurring because the user trying to use the graph explorer is trying to utilize a v2 permission that requires admin consent. Giving Consent for All Users for Microsoft Graph Explorer This error is described in the picture below : Since only administrators can complete the admin consent only they should be able to see the link in the application.This post is meant for users who are trying to utilize the Microsoft Graph Explorer but are getting an error regarding admin consent. Leveraging the fact that administrators are allowed to use new applications that haven't been approved for the whole organization yet, a nice way to allow them to sign up their organization for using that application could be to provide them with an admin page that includes the sign up link. If that user is however the administrator, the application will work as expected. Adding link to the admin pageĪs you have just seen, if a regular user tries to start an application that requires admin consent, and which hasn't been approved yet, an error is shown. So how do you start the admin consent flow in your application?Ī sample application showing the end result is available on GitHub at. They do this by completing the admin consent flow. Once you're done, you will end up having an empty application that requires you to authenticate using your organization account.Īssuming that your application uses permissions that require admin consent, such as the Run search queries as user permission, if you were to try and use the application as a user from another Active Directory, you would get an error stating that the consent cannot be completed due to lack of permissions.īefore this application can be used by users from other directories, their administrators have to approve it first.
#Admin iconset how to#
If you are new to it, you can either use the step-by-step manual of how to connect your solution to Office 365 or you can have the Yeoman Office Generator scaffold it for you. Implementing admin consent in multi-tenant applications using implicit OAuth flowīuilding client-side add-ins and applications connected to Office 365 isn't overly complex. There are however some pieces in the underlying ADAL JS library that you can use to implement admin consent in your application. And while ADAL JS simplifies working with OAuth in Angular applications, it doesn't provide a turnkey solution for implementing admin consent. The process of approving the application for the whole organization by the administrator is referred to as admin consent and is a part of the Azure AD OAuth implementation. One such example is if your application is to perform search queries on behalf of the current user.
If you have built a SaaS application for your customers, depending on its functionality, you might need organization's administrator to approve your application before it can be used. This will allow your client-side application to complete the OAuth flow without any server-side code. The only requirement for it to work is to enable the implicit OAuth flow. With new APIs you can build a fully client-side based solution connected to Office 365 using for example Angular and ADAL JS. Admin consent and Office 365 multi-tenant applications And this is exactly where things get slightly more complicated. You might even consider building a SaaS application that you would host for your customers. Once you get comfortable with the new APIs and OAuth you might start thinking about building solutions for your customers.
Using tools such as the Yeoman Office Generator, Angular and ADAL JS you can pretty quickly build your first solution connected to Office 365 without a single line of server-side code. The new Office 365 APIs simplify building web applications and add-ins on the Office platform. Building multi-tenant SaaS applications on the Office 365 platform Here is how to do it for applications built using Angular and ADAL JS. If you're building a SaaS application on the Office 365 platform, there is a chance you might need to implement admin consent.
0 kommentar(er)
