Skip to main content
All CollectionsSettingsLogin Methods and Troubleshooting
SSO Login - Approval Required
SSO Login - Approval Required
Martin Nordli-Mathisen avatar
Written by Martin Nordli-Mathisen
Updated over a week ago

Users may get the following notifications when trying to authenticate with Microsoft. The guide below will go through how to approve users Access.

Need admin approval

The below occurs if your Office365 Admin has enabled advanced security settings within Azure Active Directory (Microsoft's cloud-based application access management) to restrict access to third party applications (like Ignite).

azure active directory - Microsoft Graph: "Need admin approval" for non admin consent required scope "User.ReadBasic.All" during login - Stack Overflow

How an Admin can give permissions

The admin will need to create a new session and sign into the application as an admin user to grant permission.

To adjust the Need Admin Approval:

  1. Go to the Azure Active Directory admin center.

  2. Go to Enterprise applications > User settings.

  3. There are two settings that control the authentication for the user.

    1. Users can consent to apps accessing company data on their behalf

    2. Users can consent to app accessing company data for groups they own

Toggle both to yes if you want users to authenticate themselves or toggle both to no to require administrative permission.

Request admin consent:

1. Sign in to the Azure portal as a Global Administrator.

2. Enterprise Applications > User settings' page
2. Enable "Users can request admin consent to apps they are unable to consent to"
3. Register some trusted user who has an email inbox as a reviewer by pressing the "+ Add users" button.
4. press save.

Approval Required

Depending on the authorization given by the Microsoft Admin, the below notification may appear

  1. When you reach the "need admin approval" page, the user will need to request approval.

  2. Microsoft will send an email to the admin for the request - they'll need to press 'approve' in the email sent by Microsoft - this has now approved the user to connect to Ignite

  3. In Ignite, the user will need to re-sign into your email as you previously did and it will work now that they now have admin approval.

Additional Information (Microsoft Documentation)

See this article from Microsoft for further details. If you are still having troubles, please reach out to your relevant IT department, or Microsoft directly to ensure there are no other security settings that need updating.

Related Articles
Open APIs for our Customers
Getting Started: Navigation and Settings
Login Methods to Ignite
Did this answer your question?