Admin consent for single application

%3CLINGO-SUB%20id%3D%22lingo-sub-93622%22%20slang%3D%22en-US%22%3EAdmin%20consent%20for%20single%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-93622%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3Ecan%20you%20please%20help%20me%20solve%20following.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Single%20tenant%2C%20we%20disabled%20user%20possibility%20to%20sign%20up%20to%20applications%20(Integrated%20apps%20-%26gt%3B%26nbsp%3B%3CSPAN%3ELet%20people%20in%20your%20organization%20decide%20whether%20third-party%20apps%20can%20access%20their%20Office%20365%20information%20turned%20off).%20However%20we%20would%20like%20to%20provide%20consent%20to%20a%20specific%20users%2Fgroups%20(non%20admins)%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffasttrack.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ffasttrack.microsoft.com%2F%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%2C%20as%20an%20admin%2C%20went%20to%20the%20page%20registered%20works%20for%20me%20well.%20Subsequently%2C%20I%26nbsp%3Bwent%20to%20%22enterprise%20applications%22%20and%20found%20newly%20created%20app%20%22FastTrack%22%20and%20granted%20access%20to%20my%20test%20user.%20However%20when%20I%20sign%20in%20under%20test%20account%20I%20still%20receive%20%22You%20cannot%20access%20this%20application.%20System%20administrator%20needs%20to%20give%20consent%22.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ECan%20you%20navigate%20me%20please%20how%20to%20do%20this%20(Ideally%20not%20for%20all%20users%20in%20tenant%20but%20for%20specific%20users).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F18256i4DD0F5C2888FCADC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22test.png%22%20title%3D%22test.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThank%20you%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-93622%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%20Center%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EFastTrack%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Administration%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-93705%22%20slang%3D%22en-US%22%3ERe%3A%20Admin%20consent%20for%20single%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-93705%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Vasil%2C%3C%2FP%3E%3CP%3Ethank%20you%20for%20reply.%20I%20maybe%20incorrectly%20expressed%20myself.%20I%20did%20both%20as%20you%20indicate.%20First%20logged%20in%20to%20fasttrack%20as%20admin%20and%20gave%20consent.%20Afterwards%20i%20added%20permissions%20and%20went%20to%20Azure%26nbsp%3BApplication%20registration%20and%20gave%20permissions%20to%20sign%20in.%20However%2C%20this%20did%20not%20enable%20non-admin%20users%20to%20log%20in.%3C%2FP%3E%3CP%3EThank%20you%20for%20help.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20852px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F18272i281F8CCEB44DD006%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22test1.PNG%22%20title%3D%22test1.PNG%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20471px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F18273iDDCEF8408C99427B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22test2.PNG%22%20title%3D%22test2.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EMarek%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-93648%22%20slang%3D%22en-US%22%3ERe%3A%20Admin%20consent%20for%20single%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-93648%22%20slang%3D%22en-US%22%3E%3CP%3EProviding%20consent%20is%20different%20from%20adding%20permissions%2C%20it%20can%20only%20be%20done%20via%20the%20login%20page%20as%20part%20of%20the%20OAuth%20flow%2C%20afaik.%20So%20you%20as%20admin%20need%20to%20grant%20consent%20first%2C%20and%20then%20add%20permissions.%20Details%20for%20example%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Factive-directory-integrating-applications%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Factive-directory-integrating-applications%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,

can you please help me solve following.

 

In Single tenant, we disabled user possibility to sign up to applications (Integrated apps -> Let people in your organization decide whether third-party apps can access their Office 365 information turned off). However we would like to provide consent to a specific users/groups (non admins) to https://fasttrack.microsoft.com/.

 

I, as an admin, went to the page registered works for me well. Subsequently, I went to "enterprise applications" and found newly created app "FastTrack" and granted access to my test user. However when I sign in under test account I still receive "You cannot access this application. System administrator needs to give consent".

 

Can you navigate me please how to do this (Ideally not for all users in tenant but for specific users).

test.png

Thank you

2 Replies
Highlighted

Providing consent is different from adding permissions, it can only be done via the login page as part of the OAuth flow, afaik. So you as admin need to grant consent first, and then add permissions. Details for example here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applica...

Highlighted

Hello Vasil,

thank you for reply. I maybe incorrectly expressed myself. I did both as you indicate. First logged in to fasttrack as admin and gave consent. Afterwards i added permissions and went to Azure Application registration and gave permissions to sign in. However, this did not enable non-admin users to log in.

Thank you for help.

test1.PNGtest2.PNG

Marek