Resolving "Need Admin Approval" Error for Office 365 OAuth Integration
What causes the error?
The “Need Admin Approval” error may occur when a user attempts to authenticate with their Office 365 credentials in SpotDraft's OAuth window. This error is caused by user permission settings in the organization's Microsoft Azure Active Directory. Specifically, the option “User can consent to apps accessing company data on their behalf” is set to “No,” along with the corresponding setting for accessing group data.
These settings can be found in All services > Enterprise applications > User settings in Microsoft Azure Active Directory.
Solutions to Resolve the Error:
Method 1: Grant Admin Consent for SpotDraft
Step 1: Find the SpotDraft App in Enterprise Applications
- Log in to Microsoft Azure AD at https://portal.azure.com with admin credentials.
- Go to Enterprise Applications.
- Select All Applications.
- Search for "SpotDraft" in the search field, and select the app.
Step 2: Grant Admin Consent
- Open the Permissions tab and click "Grant Admin consent for SpotDraft".
- Log in with Office 365 admin credentials and click "Accept" in the Permissions requested dialog that appears.
Once the admin has granted consent, individual users should be able to log in to SpotDraft using their Microsoft credentials without encountering the "Need Admin Approval" error.
Method 2: Register Consent for the App during the Initial Logon by Office 365 Admin
This method requires the Office 365 admin to be a SpotDraft user.
- Log in to SpotDraft with the Salesforce credentials registered for the admin's account.
- Click the Menu button in the upper left corner of the SpotDraft interface.
- Select "Set up sync" in the menu.
- Log in with Office 365 admin credentials in the OAuth dialog that appears.
- In the following "Permissions Requested" dialog window, select the checkbox "Consent on behalf of your organization" and click "Accept".
Method 3: Allow End Users to Register Consent for Apps on Their Own
Note: This method allows end users to grant consent to any third-party app, which may conflict with some enterprises' security policies.
- Log in to Azure AD using admin credentials.
- Go to Enterprise applications > User settings.
- Switch the setting “User can consent to apps accessing company data on their behalf” to "Yes".
Enabling the setting “User can consent to apps accessing company data for the groups they own” is optional.
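To confirm which of the states described above a tenant is in, the following read-only check reports the user consent setting from Method 3 and lists the delegated permissions granted to the app by Methods 1 and 2. It is an added example, not SpotDraft's or Microsoft's own script; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account can read policies and directory data, and that the enterprise application's display name is exactly "SpotDraft".

```powershell
# Added example: read-only audit of the consent state discussed in this article.
# Assumes the Microsoft.Graph PowerShell SDK and an account allowed to read
# authorization policy and directory objects.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All'

# Assumption: the enterprise application's display name is exactly "SpotDraft".
$AppDisplayName = 'SpotDraft'

# 1. Tenant-wide user consent setting (the switch changed in Method 3).
$policy   = Get-MgPolicyAuthorizationPolicy
$assigned = @($policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned |
    Where-Object { $_ -like 'ManagePermissionGrantsForSelf.*' })
if ($assigned.Count -eq 0) {
    'User consent: disabled (users need an admin to consent for them)'
} else {
    "User consent: enabled via $($assigned -join ', ')"
}

# 2. Delegated permissions already granted to the app (Methods 1 and 2).
$sps = @(Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'")
if ($sps.Count -eq 0) {
    Write-Warning "No enterprise application named '$AppDisplayName' in this tenant."
}
foreach ($sp in $sps) {
    $grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All)
    if ($grants.Count -eq 0) {
        "$($sp.DisplayName) ($($sp.AppId)): no delegated grants recorded"
        continue
    }
    foreach ($g in $grants) {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
        [pscustomobject]@{
            App       = $sp.DisplayName
            AppId     = $sp.AppId
            Resource  = $resource.DisplayName
            # AllPrincipals = admin consent covering every user;
            # Principal     = consent given by the single user in PrincipalId
            Consent   = $g.ConsentType
            Principal = $g.PrincipalId
            Scopes    = ("$($g.Scope)").Trim() -split '\s+'
        }
    }
}
```

After Method 1 or 2, expect a row with Consent set to AllPrincipals; compare its Scopes against what the "Permissions requested" dialog listed before accepting.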