We utilize some code (I believe generously borrowed from to add a few menu items to our menu in Canvas.
I am hoping you can provide me with some assistance as I pose these series of questions. Reviewers approving an admin consent requestĬurrently you can’t find the user context or the app ID that was granted admin consent.Hello, community. ScenarioĪdmin enabling the consent request workflowĬurrently you can’t find the user contextĪdmin disabling the consent request workflowĪdmin updating the consent workflow configurationsĮnd user creating an admin consent request for an app The table below outlines the scenarios and audit values available for the admin consent workflow. Their request has been denied or blocked.Requestors will receive email notifications when: A request is nearing the expiration date.
If configured, all reviewers will receive email notifications when: All(Preview): All requests, active or expired, that exist in the tenant.Įach request includes information about the application and the user(s) requesting the application.
Although reviewers can block or deny requests, only people with the correct RBAC permissions to consent to the requested permissions can do so.
To learn how to configure the admin consent workflow, see configure-admin-consent-workflow.md. This way, you can have a queue of all the requests for admin consent for your tenant and can track and respond to them directly through the Azure portal. If you still want to retain admin-only consent for certain permissions but want to assist your end-users in onboarding their application, you can use the admin consent workflow to evaluate and respond to admin consent requests.It's NOT recommended to keep user consent open if you have sensitive data in your tenant. Allow users to consent to the required permissions.
For example, a high school may want to turn off user consent so that the school IT administration has full control over all the applications that are used in their tenant. This situation also requires administrators to create a separate workflow to track requests for applications if they're open to receiving them.Īs an admin, the following options exist for you to determine how users consent to applications: If the user doesn’t know who to contact to grant them access, they may be unable to use the application. When attempting to sign in, users may see a consent prompt like the one in the following screenshot: In this article, you’ll learn about the user and admin experience when the admin consent workflow is disabled vs when it's enabled. In such situations where user consent is disabled, an admin can grant users the ability to make requests for gaining access to applications by enabling the admin consent workflow. Also, users can’t consent to applications when user consent is disabled in the user’s tenant. However, non-admin users aren't allowed to consent to permissions that require admin consent.
There may be situations where your end-users need to consent to permissions for applications that they're creating or using with their work accounts.