Comm100 Support > Troubleshooting FAQ
Why am I Receiving a "Need admin approval" Error Message in Ticketing & Messaging

This article outlines issues you might be experiencing while reauthorizing your Office 365 and Shared Mailbox emails with Comm100 Ticketing & Messaging.


Problem

When integrating or reauthorizing the Office 365 and Shared Mailbox type email accounts with Comm100 Ticketing & Messaging, I receive a "Need admin approval" error message. 

kb-re-07.png


Cause

The potential cause could be incorrect user/admin consent settings or permissions in the Azure portal.


Solution

You can review user/admin consent settings in the Azure portal based on the correct user/admin consent settings and permissions. It includes the following scenarios:

  • Restricted resource access to allow app integration (MS Recommended)
  • No user consent; requires admin consent for apps.
  • No user consent; requires admin consent for apps, but admin consent request disabled.


Restricted Resource Access to Allow App Integration (MS Recommended)

On the All services > Enterprise applications > Consent and permissions > User consent settings page, if you have selected the Allow user consent for apps from verified publishers, for selected permission (Recommended) option. 

kb-re-01.png

On the All services > Enterprise applications > Consent and permissions > Permission classifications page, create permissions set to allow limited permissions for user consent. 

API used

Permissions    
Description
Microsoft Graph    
Mail.Send.Shared
Send mail on behalf of others.
Microsoft Graph    
Mail.Read.Shared
Read user and shared mail.
Microsoft Graph    
openid
Sign users in.
Microsoft Graph    
offline_access
Maintain access to data you have given it access to.
Microsoft Graph    
Mail.Send
Send mail as a user.
Microsoft Graph    
Mail.Send
Read user mail.
Microsoft Graph    
profile
View users' basic profile.
Microsoft Graph    
email
View users' email address.

kb-re-02.png

Follow the app integration flow, which prompts the user for consent and allows them to integrate the app with the permissions.


No User Consent; Requires Admin Consent for Apps

On the All services > Enterprise applications > Consent and permissions > User consent settings page, an administrator will be required for all apps if you have selected the Do not allow user consent option.

kb-re-03.png On the All services > Enterprise applications > Consent and permissions > Admin consent settings page, turn the Users can request admin consent to apps they are unable to consent to toggle key to Yes

kb-re-04.png On the Home > Enterprise applicationss > Admin Consent request page, the administrator can see and approve the pending request. 

kb-re-05.png

Restart the integration flow after you receive the approval. Now the app will not prompt for consent and allow integration.


No User Consent; Requires Admin Consent for Apps, but Admin Consent Request is Disabled

On the All services > Enterprise applications > Consent and permissions > User consent settings page, if you have selected the Do not allow user consent option, then an admin consent for apps will be required for all apps but is set as disabled.

kb-re-03.png On the All services > Enterprise applications > Consent and permissions > Admin consent settings page, turn the Users can request admin consent to apps they are unable to consent to toggle key to No

kb-re-06.png Here, when you try to integrate the app, an option displays to allow the admin to log in.

kb-re-07.png 

The admin logs in, provides consent on behalf of the organization, and marks acceptance of the consent. 

kb-re-08.png

After giving consent on behalf of the organization, subsequent integrations will be without any consent prompt or approval.