Forum Discussion
Russell Meyer
Nov 14, 2017 (Brass Contributor)
Unable to grant O365 users access to Tech Community
Has anyone run into issues authorizing Tech Community with federated IDs? If I log in with a GA, it gives me some warnings about access, etc... if I accept, the account is good, but others in the tenant, not so much
states:
You can't access this application
MS Tech Comm needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
AADSTS90094: The grant requires admin permission.
If I drill into AAD I see the app, but it's specific to the GA account, and when I allow Graph the same permissions for the tenant, no love... I saw some docs about a parameter that needs to be placed in the auth URL, but it didn't work
- Dean_Gross (Silver Contributor)
I would not recommend using company accounts to access this community because if you leave the company, you will lose all of your history in this community.
- Adrienne Andrews (Brass Contributor)
Hi Dean, I so wish I had known this when I signed up to the community originally! I was a founding member and member of the week - but all that is gone since changing jobs. Frankly, I don't even see the benefit of linking to Office 365 if there is no way to port your profile to another account or tenant. Guess lesson learned going forward!
You as the admin can consent to the app. Go to the Azure AD blade, navigate to the app in question (O365 Network or MS Tech Comm), Properties, check the value of the "User assignment required?" toggle. Should be set to No.
- Russell Meyer (Brass Contributor)
It's set to No... even flipped to Yes and assigned, no love
Switch it to No, try accessing the MTC with your admin account and consent to the app. If no consent prompt appears, try triggering it manually via this link:
https://login.microsoftonline.com/common/adminconsent/?client_id=09213cdc-9f30-4e82-aa6f-9b6e8d82dab3&redirect_uri=https%3A%2F%2Ftechcommunity.microsoft.com%2Fauth%2Foauth2callback&response_type=code&state=https%3A%2F%2Ftechcommunity.microsoft.com%2F&scope=User.Read+openid+email+profile+offline_access
The "adminconsent" part makes sure that it will trigger the correct flow.
And a disclaimer to never click such links without double- and triple-checking what you are consenting to :)
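
Added example, not part of any post in this thread: one way to do the "double and triple-check" on a consent link before an admin opens it is to decode it and read off the app ID, the redirect target and the requested scopes. The function name, the field names and the expected-host constant are assumptions of this sketch; the link is the one quoted above.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption for this example: the only sign-in host we accept.
EXPECTED_HOST = "login.microsoftonline.com"
# Standard OpenID Connect scopes; anything else is an API permission to review.
OIDC_SCOPES = {"openid", "email", "profile", "offline_access"}

# The admin consent link quoted in the thread.
THREAD_LINK = (
    "https://login.microsoftonline.com/common/adminconsent/"
    "?client_id=09213cdc-9f30-4e82-aa6f-9b6e8d82dab3"
    "&redirect_uri=https%3A%2F%2Ftechcommunity.microsoft.com%2Fauth%2Foauth2callback"
    "&response_type=code&state=https%3A%2F%2Ftechcommunity.microsoft.com%2F"
    "&scope=User.Read+openid+email+profile+offline_access"
)


def inspect_consent_url(url):
    """Break a consent link into the fields an admin should verify."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # decodes %XX escapes and '+' as space

    def first(name):
        return query.get(name, [""])[0]

    segments = [s for s in parts.path.split("/") if s]
    scopes = first("scope").split()
    redirect = urlsplit(first("redirect_uri"))
    warnings = []
    if parts.scheme != "https" or parts.hostname != EXPECTED_HOST:
        warnings.append("link does not point at https://" + EXPECTED_HOST)
    if redirect.scheme != "https":
        warnings.append("redirect_uri is not https")
    return {
        "tenant": segments[0] if segments else "",
        "admin_consent": "adminconsent" in segments,
        "client_id": first("client_id"),
        "redirect_host": redirect.hostname or "",
        "scopes": scopes,
        "api_scopes": [s for s in scopes if s not in OIDC_SCOPES],
        "refresh_token": "offline_access" in scopes,
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in inspect_consent_url(THREAD_LINK).items():
        print(f"{key}: {value}")
```

Compare `client_id` with the application ID shown for the app in the Azure AD blade, and check that `redirect_host` is a domain you expect, before consenting.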