Forum Discussion
Consent flow for application permissions
I have a AAD secured api and I need to grant a client application access to this api (without any user context). I have added a approle with "allowedMemberTypes": ["Application" ] to the manifest of...
Hello Esha,
Consent works on the basis of api, that an application is accessing.
If your api is accessing the basic information of any entity like user then the user context will work.
If your api is accessing a protected resource that needs global admin consent the application will not be able to access with the consent of the global admin for the directory.
Now in these cases we end up a situation wherein a global admin has to consent the application for the entire directory using "prompt=admin_consent" parameter.
check the below mentioned article
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devhowto-multi-tenant-overview
This will be one-time consent approval that will be done by GA.
Regards,
Rishabh