You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/manage-apps/application-sign-in-unexpected-user-consent-prompt.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,37 +8,37 @@ ms.service: active-directory
8
8
ms.subservice: app-mgmt
9
9
ms.workload: identity
10
10
ms.topic: troubleshooting
11
-
ms.date: 09/06/2022
11
+
ms.date: 09/07/2022
12
12
ms.author: ergreenl
13
13
ms.reviewer: phsignor, yuhko
14
14
ms.collection: M365-identity-device-management
15
15
---
16
16
17
17
# Unexpected consent prompt when signing in to an application
18
18
19
-
Many applications that integrate with Azure Active Directory require permissions to various resources in order to run. When these resources are also integrated with Azure Active Directory, permissions to access them is requested using the Azure AD consent framework. This results in a consent prompt being shown the first time an application is used, which is often a one-time operation.
19
+
Many applications that integrate with Azure Active Directory require permissions to various resources in order to run. When these resources are also integrated with Azure Active Directory, permissions to access them is requested using the Azure AD consent framework. These requests result in a consent prompt being shown the first time an application is used, which is often a one-time operation.
20
20
21
-
In certain scenarios, additional consent prompts can appear when a user attempts to sign-in. In this article, we will diagnose the reason for the additional consent prompts showing, and how to troubleshoot.
21
+
In certain scenarios, additional consent prompts can appear when a user attempts to sign-in. In this article, we will diagnose the reason for the unexpected consent prompts showing, and how to troubleshoot.
Additional prompts can be expected in various scenarios:
27
+
Further prompts can be expected in various scenarios:
28
28
29
-
* The application has been configured to require assignment. Individual user consent is not currently supported for apps which require assignment, and thus the permissions must be granted by an admin for the whole directory. If you configure an application to require assignment, be sure to also grant tenant-wide admin consent so that assigned user can sign-in.
29
+
* The application has been configured to require assignment. Individual user consent is not currently supported for apps which require assignment; thus the permissions must be granted by an admin for the whole directory. If you configure an application to require assignment, be sure to also grant tenant-wide admin consent so that assigned user can sign-in.
30
30
31
31
* The set of permissions required by the application has changed by the developer and needs to be granted again.
32
32
33
33
* The user who originally consented to the application was not an administrator, and now a different (non-admin) user is using the application for the first time.
34
34
35
35
* The user who originally consented to the application was an administrator, but they did not consent on-behalf of the entire organization.
36
36
37
-
* The application is using [incremental and dynamic consent](../azuread-dev/azure-ad-endpoint-comparison.md#incremental-and-dynamic-consent) to request additional permissions after consent was initially granted. This is often used when optional features of an application additional require permissions beyond those required for baseline functionality.
37
+
* The application is using [incremental and dynamic consent](../azuread-dev/azure-ad-endpoint-comparison.md#incremental-and-dynamic-consent) to request further permissions after consent was initially granted. Incremental and dynamic consent is often used when optional features of an application require permissions beyond those required for baseline functionality.
38
38
39
39
* Consent was revoked after being granted initially.
40
40
41
-
* The developer has configured the application to require a consent prompt every time it is used (note: this is not best practice).
41
+
* The developer has configured the application to require a consent prompt every time it is used (note: this behavior is not best practice).
42
42
43
43
> [!NOTE]
44
44
> Following Microsoft's recommendations and best practices, many organizations have disabled or limited users' permission to grant consent to apps. If an application forces users to grant consent every time they sign in, most users will be blocked from using these applications even if an administrator grants tenant-wide admin consent. If you encounter an application which is requiring user consent even after admin consent has been granted, check with the app publisher to see if they have a setting or option to stop forcing user consent on every sign in.
0 commit comments