Forum Discussion
raghavendiran
Feb 03, 2022 - Copper Contributor
Azure AD app role assignment - consent grant
Why does Azure AD not prompt the application owner's consent when one of its exposed roles is assigned to a client application (API permissions)? Inside an organization, there could be many appl...
VasilMichev
Feb 03, 2022 - MVP
As the app owner/dev, you can check whether the required permissions/roles are assigned by examining the access token. The decision on granting such within the local directory is always left to the global admin. Think of multi-tenant scenarios: there is no practical way for the app owner to approve such within another organization's tenant.
raghavendiran
Feb 04, 2022 - Copper Contributor
VasilMichev, I agree this may not be possible in a multi-tenant setup. But my scenario is specific to a single tenant. Inspecting the incoming request's token is very late, as the app already managed to get the assignments done on its own without the knowledge of the app owner.
Wondering if it would be a good-to-have feature, though.
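An added example, not part of the thread or anyone's post: a sketch of the token check mentioned in the reply above, extended with an owner-maintained list of approved client app IDs so that a role assignment the owner never agreed to is rejected and surfaced at the API. The role name, tenant ID, audience and client IDs are constructed placeholders, and the claims are assumed to come from a token whose signature, issuer and expiry the API's middleware has already validated.

```python
# Assumed values for illustration only (constructed, not from the thread).
REQUIRED_ROLE = "Orders.Read.All"                       # app role exposed by the API
EXPECTED_TENANT = "11111111-1111-1111-1111-111111111111"
EXPECTED_AUDIENCE = "api://orders-api"
APPROVED_CLIENTS = {"22222222-2222-2222-2222-222222222222"}  # kept by the app owner


def authorize(claims):
    """Decide on an app-only call from already-validated access token claims.

    Returns (allowed, reason). The reason string is meant for the API's audit
    log, so the owner learns about role assignments made without them.
    """
    if claims.get("tid") != EXPECTED_TENANT:
        return False, "wrong tenant"
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return False, "wrong audience"
    roles = claims.get("roles")
    if not isinstance(roles, list) or REQUIRED_ROLE not in roles:
        return False, "role not granted"
    # v2.0 tokens carry the client app ID in 'azp', v1.0 tokens in 'appid'.
    client = claims.get("azp") or claims.get("appid")
    if client not in APPROVED_CLIENTS:
        return False, "role granted but client not owner-approved: %s" % client
    return True, "ok"


# Constructed sample claims: same role, different calling applications.
APPROVED_SAMPLE = {
    "tid": EXPECTED_TENANT, "aud": EXPECTED_AUDIENCE,
    "azp": "22222222-2222-2222-2222-222222222222", "roles": [REQUIRED_ROLE],
}
UNAPPROVED_SAMPLE = dict(APPROVED_SAMPLE, azp="33333333-3333-3333-3333-333333333333")
NO_ROLE_SAMPLE = dict(APPROVED_SAMPLE, roles=[])

if __name__ == "__main__":
    for name, sample in [("approved", APPROVED_SAMPLE),
                         ("unapproved", UNAPPROVED_SAMPLE),
                         ("no role", NO_ROLE_SAMPLE)]:
        print(name, authorize(sample))
```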