MSGRAPH api sign in asks user for Need admin approval

Amar Bardoliwala 1 Reputation point
2022-05-23T08:44:16.433+00:00

Hello friends,
I have a web app called WORXFLOW-PORTAL
I am using Microsoft graph api from my php web application to sign in user and accept user concent.

I am using following login uri

https://login.microsoftonline.com/common

with following scopes

openid profile User.ReadWrite Mail.ReadWrite Mail.Send Calendars.ReadWrite Contacts.ReadWrite Tasks.ReadWrite

For some users it works ok asking user consent for above permission

For some users it simply shows following as shown in image below
204575-firefox-screenshot-2022-05-23t08-35-27891z.png

User trying to get access to our web app is outlook free account user.

I read few solutions here but it did not help.

Permission and consent related settings seems to be ok to me.

Please let me know your view about how to check this step by step.

Thank you.

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
215 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,427 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,606 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 100.2K Reputation points MVP
    2022-05-23T09:37:14.437+00:00

    This is the "risk-bsed step up consent" feature, as detailed here: https://video2.skills-academy.com/en-us/azure/active-directory/manage-apps/configure-risk-based-step-up-consent
    To avoid this from happening, consider verifying your publisher ID, as the feature will automatically flag any non-verified apps when used outside of their "home" tenant.

    0 comments