Easy Auth Setup in Azure Function not working

Question

Hi,

we have a scenario where we have to expose documents to out internal employees stored in blob storage over a URL, to have this implemented we have build a function app which has a get endpoint where passing a container name and blob name, the function app retrieves the document and display it on the browser or downloads if content type not supported for browser. to have security measures in there we have configured EASY Auth on the azure function app and link an existing app registration which is setup as defined here: Configure Microsoft Entra authentication - Azure App Service | Microsoft Learn

Now when i make a GET call to view the document it ask me to sign in with my user but then shows a popup saying admin approval required even though we have allowed user to consent as well.

what is wrong in here with config is something wrong with app registration or function config or there is some policy in Azure AD which is blcoking it?

Answer 1

Hi @Sumit Gaur ,

Thanks for reaching out.

I can understand you want to access the app and allow user to provide consent to permissions, however you are still getting prompt for admin approval.

If there are multiple permissions, there might be chance there is a permission to do highly privileged operations which require admin consent.

Examples of such operations might be role management, full access to all mailboxes or all sites, and full user impersonation.

As per screenshot, it seems you are looking for basic user. read and offline_access permission which can easily be granted by user if your organization has not restricted user's scope.

Could you please check the below settings in your enterprise application and update user and admin consent and save the changes to allow users to consent for applications.

Reference - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal

Hope this will help.

Thanks,

Shweta

Please "Accept the answer" if answer helps you.