Nov 14 2017 02:29 PM
Has anyone run into issues authorizing Tech Community with federated IDs? If I log in with a GA, it gives me some warnings about access, etc... if I accept, the account is good but others in the tenant, not so much
states:
You can't access this application
MS Tech Comm needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
AADSTS90094: The grant requires admin permission.
If I drill into AAD I see the app but it's specific to the GA account, and when I allow graph the same permissions for the tenant, no love... I saw some docs about a parameter that needs to be placed in the auth URL but didn't work
Nov 15 2017 12:37 AM
You as the admin can consent to the app. Go to the Azure AD blade, navigate to the app in question (O365 Network or MS Tech Comm), Properties, check the value of the "User assignment required?" toggle. Should be set to No.
Nov 15 2017 09:08 AM
Nov 15 2017 10:36 AM
Switch it to No, try accessing the MTC with your admin account and consent to the app. If no consent prompt appears, try triggering it manually via this link:
https://login.microsoftonline.com/common/adminconsent/?client_id=09213cdc-9f30-4e82-aa6f-9b6e8d82dab3&redirect_uri=https%3A%2F%2Ftechcommunity.microsoft.com%2Fauth%2Foauth2callback&response_type=code&state=https%3A%2F%2Ftechcommunity.microsoft.com%2F&scope=User.Read+openid+email+profile+offline_access
The "adminconsent" part makes sure that it will trigger the correct flow.
And a disclaimer to never click such links without double and triple-checking to what you are consenting :)
Nov 15 2017 10:39 AM
Nov 15 2017 10:55 AM
Nov 15 2017 11:02 AM
Yup, replace the endpoint. The ClientID is the identifier of the application - you can compare it against what you are seeing in the Azure AD portal for the MS Tech Comm app.
Again, pay attention to what you are consenting, as there have been some baddies exploiting this already :)
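The check urged in the replies above (compare the ClientID with the portal and read what you are consenting to before clicking), as an added example that is not part of the original thread. The `EXPECTED_*` values and the accepted-scope list are assumptions an admin would fill in from their own portal and policy; `review_consent_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit, parse_qs

# The admin-consent link posted in the thread, copied verbatim.
CONSENT_URL = (
    "https://login.microsoftonline.com/common/adminconsent/"
    "?client_id=09213cdc-9f30-4e82-aa6f-9b6e8d82dab3"
    "&redirect_uri=https%3A%2F%2Ftechcommunity.microsoft.com%2Fauth%2Foauth2callback"
    "&response_type=code&state=https%3A%2F%2Ftechcommunity.microsoft.com%2F"
    "&scope=User.Read+openid+email+profile+offline_access"
)

# Assumptions: what the admin expects, read from the Azure AD portal / own policy.
EXPECTED_CLIENT_ID = "09213cdc-9f30-4e82-aa6f-9b6e8d82dab3"
EXPECTED_REDIRECT_HOSTS = {"techcommunity.microsoft.com"}
ACCEPTABLE_SCOPES = {"User.Read", "openid", "email", "profile", "offline_access"}

def review_consent_url(url, client_id, redirect_hosts, acceptable_scopes):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        findings.append(f"unexpected sign-in host: {parts.scheme}://{parts.hostname}")
    if "adminconsent" not in parts.path.strip("/").split("/"):
        findings.append(f"not an adminconsent endpoint: {parts.path}")
    query = parse_qs(parts.query)  # also decodes %xx and turns '+' into spaces
    for name in ("client_id", "redirect_uri", "scope"):
        if len(query.get(name, [])) != 1:
            findings.append(f"{name} missing or repeated")
    got_id = query.get("client_id", [""])[0]
    if got_id.lower() != client_id.lower():
        findings.append(f"client_id {got_id!r} is not the app seen in the portal")
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    if redirect.scheme != "https" or redirect.hostname not in redirect_hosts:
        findings.append(f"redirect_uri goes to {redirect.hostname!r}")
    scopes = set(query.get("scope", [""])[0].split())
    for extra in sorted(scopes - acceptable_scopes):
        findings.append(f"scope not on the accepted list: {extra}")
    return findings

if __name__ == "__main__":
    problems = review_consent_url(CONSENT_URL, EXPECTED_CLIENT_ID,
                                  EXPECTED_REDIRECT_HOSTS, ACCEPTABLE_SCOPES)
    print("\n".join(problems) or "nothing unexpected in this consent link")
```
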
Nov 15 2017 11:05 AM
Nov 15 2017 11:16 PM
Um, well that's about as much as I can help you with all this, I'm not a dev and the whole app model is still something I'm not as familiar with. Maybe open a support case?
Nov 21 2017 12:03 AM
Let us know what the solution is.
Dec 07 2017 01:42 AM
Any News on the issue?
Dec 07 2017 08:10 AM
none yet...been busy with other items in 365 land...
Dec 12 2017 02:58 AM
I would not recommend using company accounts to access this community because if you leave the company, you will lose all of your history in this community.
Oct 31 2018 11:46 AM
Hi Dean, I so wish I had known this when I signed up to the community originally! I was a founding member and member of the week - but all that is gone since changing jobs. Frankly, I don't even see the benefit of linking to Office 365 if there is no way to port your profile to another account or tenant. Guess lesson learned going forward!