Udostępnij za pośrednictwem


Admin Consent Option Missing

The Setup:

An administrator had turned off user consent for Integrated Apps. This basically prevents users from being able to consent to an application to access the user's O365 profile data.

Here is what the Integrated Apps setting looks like when it is disabled.

ACIntegratedApps

 

Since the users no longer have the ability to provide access to their O365 profile data, the admin must provide consent on behalf of the users.

The Story:

The customer was trying to use the application https://fasttrack.microsoft.com, however, the application wasn't providing the option for the admin to approve for the entire organization. The admin would only get the option to approve consent for the admin account only.

The Fix:

This turned out to be an application behavior issue. The solution is simple, but not at all obvious.  After clicking sign in, the admin will be presented with one of the two sign-in screens below depending of the user already logged in before or not.

  • On this screen, add the following text to the end of the URL:
    &prompt=admin_consent
  • After adding this text, press enter in the address bar to refresh the page with the new setting.
  • Then complete the sign-in

(Admin hasn't signed in before)

 

 

ACSignon1

(Admin has signed in before)

ACSignon2

After refreshing the sign-in page with the new setting and signing in, the admin will see the option to provide consent for all users to O365 profile data.

ACSignon3