Admin consent needed for an AAD app which doesn't have any permission requiring admin consent RRS feed

  • Question

  • We have developed a native app and a web API under the same AD (not a multi tenant solution), and configuring the apps as per the documentation -

    the client application needs to access the web API As signed in user (delegate permissions) but we are still getting the error admin permission required when trying to sign in, screenshot attached

    The only permission in the native app is AAD ->

    webapi -> user_impersonation

    and they clearly state admin consent not required

    Thursday, May 2, 2019 1:49 PM

All replies

  • Yes, delegated permissions does not require admin consent.   I do not see any screenshot but have you added any other permissions to the app ?
    Thursday, May 2, 2019 5:48 PM
  • In native app the only two permissions given are AAD Graph -> (delegated) and webAPI -> user_impersonate

    In webapi only one permission is given AAD Graph -> (delegated) 

    Not able to post screenshots

    Friday, May 3, 2019 4:30 AM
  • Ensure that you grant the directory access for the app. That might be all you need to do.
    Monday, June 3, 2019 11:29 PM