Skip to main content

I am IT manager and have followed guide to register new app in azure with recommended Graph and SP permissions, also granted on behalf of the org but for some reason all users are still getting this needs admin approval and it is driving me bonkers, Please can someone assist me. We are using FME 2020.2, Single Tenant and the guide i have carefully followed is here How to Create a SharePoint Web Connection for FME Form [Single Tenant] (safe.com)

 

As i am admin, the connector works fine for me with the new registered app ID and other specifics but just none else,

Hello @mickhougthon20​ , thanks for posting! Can you try editing the Authorization URL in your sharepoint web service? Please try changing "&prompt=consent" to "&prompt=none". imageYou can also try simply removing "&prompt=consent" from the authrozation URL entirely (it should work)! Let me know if you're still having issues! Best, Kailin


Hello @mickhougthon20​ , thanks for posting! Can you try editing the Authorization URL in your sharepoint web service? Please try changing "&prompt=consent" to "&prompt=none". imageYou can also try simply removing "&prompt=consent" from the authrozation URL entirely (it should work)! Let me know if you're still having issues! Best, Kailin

Thanks for your quick response but this has not helped, After clearning cache and testing with a test account i get' network error interaction required'


Thanks for your quick response but this has not helped, After clearning cache and testing with a test account i get' network error interaction required'

Hello @mickhougthon20​, sorry we didn't have any luck there. Would you be able to try  "&prompt=login" in the authorization URL. Please feel free to update me again if the issue persists, hopefully this will satisfy the required interaction! Best, Kailin.


Thanks for your quick response but this has not helped, After clearning cache and testing with a test account i get' network error interaction required'

This has worked on my test account but i will have to see on Monday how it effects the real users. Its looking positive so far so thanks for this. Will let you know if this fixes the problem so it can maybe documented on the website for others in the FAQ :)


Thanks for your quick response but this has not helped, After clearning cache and testing with a test account i get' network error interaction required'

Thank you so much this has been confirmed as workjng across our tenant now, :)


Thanks for your quick response but this has not helped, After clearning cache and testing with a test account i get' network error interaction required'

Thank you for the update @mickhougthon20​, glad we got it working! Kailin.


Thanks for your quick response but this has not helped, After clearning cache and testing with a test account i get' network error interaction required'

Thank you, I will try it.

 

 

 

 

 

 

 

Thank you, I will try it. First of all, Ensure that the app registration has been granted consent by an admin in your organization. One of my friends is searching for a writing service. Here you can find important sources of assignments by seeing reviews, exposing both its advantageous features and potential drawbacks. From diverse services to intermittent delays, they present an unbiased evaluation to aid your choice. This is the best platform for students.


Hi @kailinatsafe, I've similar problem as @mickhoughton20, as a user, I cant go through, the prompt to request admin approval keeps popping up. But when the it manager logs in as himself in the prompt, it is success. We also wonder where the request emails go to.


@angwan​  Can you please confirm that you have verified that you have you have the correct &prompt value for your Authorization URL for your Sharepoint configuration: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow#send-the-sign-in-request

image001In the Microsoft Graph API authorization URL, the "prompt" parameter is used to specify whether the user should be prompted to sign in or to consent to the requested permissions.  Consider removing &prompt=consent from the authorization url, or change to &prompt=none. The following options are available for the "prompt" parameter:

  • "login": The user will be prompted to sign in, even if they have already signed in before.
  • "consent": The user will be prompted to consent to the requested permissions, even if they have already consented before.
  • "select_account": The user will be prompted to select an account to sign in with, and then they will be prompted to consent to the requested permissions.
  • "none": The user will not be prompted to sign in or consent, and the authentication request will fail if the user is not already signed in and has not already consented to the requested permissions. This option is only recommended if you are sure that the user has already signed in and has already consented to the requested permissions.

By default, if the "prompt" parameter is not specified, the user will be prompted to sign in and consent to the requested permissions if necessary. We've had users who have overcome this by setting the "prompt" to one of the options above as well (i.e. &prompt=select_account). Let us know if you have any luck.


@angwan​  Can you please confirm that you have verified that you have you have the correct &prompt value for your Authorization URL for your Sharepoint configuration: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow#send-the-sign-in-request

image001In the Microsoft Graph API authorization URL, the "prompt" parameter is used to specify whether the user should be prompted to sign in or to consent to the requested permissions.  Consider removing &prompt=consent from the authorization url, or change to &prompt=none. The following options are available for the "prompt" parameter:

  • "login": The user will be prompted to sign in, even if they have already signed in before.
  • "consent": The user will be prompted to consent to the requested permissions, even if they have already consented before.
  • "select_account": The user will be prompted to select an account to sign in with, and then they will be prompted to consent to the requested permissions.
  • "none": The user will not be prompted to sign in or consent, and the authentication request will fail if the user is not already signed in and has not already consented to the requested permissions. This option is only recommended if you are sure that the user has already signed in and has already consented to the requested permissions.

By default, if the "prompt" parameter is not specified, the user will be prompted to sign in and consent to the requested permissions if necessary. We've had users who have overcome this by setting the "prompt" to one of the options above as well (i.e. &prompt=select_account). Let us know if you have any luck.

Hi @nampreetatsafe ,

Thanks for the suggestion. I've tried all the options before, and the pop up still asks request for admin approval as a user(see attached).But for IT manager who is an admin,it works fine. Still, we've not traced where the email request gets delivered to. The IT manager, cant see any of the requests.imagecheers


Hi @nampreetatsafe ,

Thanks for the suggestion. I've tried all the options before, and the pop up still asks request for admin approval as a user(see attached).But for IT manager who is an admin,it works fine. Still, we've not traced where the email request gets delivered to. The IT manager, cant see any of the requests.imagecheers

mute

Kind regards,
Mick Houghton
IT Manager | Balfour Beatty VINCI
South Drive | Coleshill Manor Campus | B46 1DL
M: 07805 800 437 | E: Mick.Houghton@BalfourBeattyVinci.com | LinkedIn<http://www.linkedin.com/in/mickhoughton>

A picture containing text, font, screenshot, line Description automatically generated]

Reporting IT Incidents, IT Requests & FAQ's<https://bbvjv.sharepoint.com/sites/TechnologyandData/SitePages/ITSupport.aspx> - Need further help; ITSupport@balfourbeattyvinci.com

-@nampreetatsafe​ It now works. SharePoint Global admin receives email for approval. The approve consent request once granted, close the app and ready to use it with the app set to '&prompt=consent'

Cheers

 


Reply