Admin consent needed for an AAD app which doesn't have any permission requiring admin consent

  • Question

  • We have developed a native app and a web API under the same AD (not a multi-tenant solution), and configured the apps as per the documentation - docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis

    The client application needs to access the web API as the signed-in user (delegated permissions), but we are still getting the error admin permission required when trying to sign in; screenshot attached.

    The only permission in the native app is AAD -> user.read

    webapi -> user_impersonation

    and they clearly state admin consent is not required


    Thursday, May 2, 2019 1:49 PM

All replies

  • Yes, the user.read delegated permission does not require admin consent. I do not see any screenshot, but have you added any other permissions to the app?
    Thursday, May 2, 2019 5:48 PM
    Moderator
  • In the native app, the only two permissions given are AAD Graph -> user.read (delegated) and webAPI -> user_impersonate

    In the web API, only one permission is given: AAD Graph -> user.read (delegated)

    Not able to post screenshots



    Friday, May 3, 2019 4:30 AM
  • Ensure that you grant the directory access for the app. That might be all you need to do.
    Monday, June 3, 2019 11:29 PM
    Moderator