Azure AD – You can now configure Admin Consent workflow

As you may already know, applications integrated with Azure AD may require administrator consent before they are allowed to access your Azure AD data (for example, read user profile).

When a user tries to access an application which requires admin consent but has not been approved, getting access to the application turns into a long support process.

Good news, the admin consent process has been updated to be more streamlined; you can now configure a workflow to let Azure AD administrators review and approve/decline requests.

First things first, you need to enable the "Users can request admin consent to apps they are unable to consent to" preview capability, available under Enterprise Applications\User Settings. You can reach it either from the Azure portal (https://portal.azure.com/) by opening your Azure AD blade, or from the Azure AD portal (https://aad.portal.azure.com/).

When enabling this option, you can select the Azure AD administrator(s) who will receive the notification; unfortunately, for now (maybe a preview limitation), you cannot define a group of users.

The next time a user tries to access an application which has not yet been granted consent by an administrator, they will be able to send a request while providing the required access level for the application; they have to fill in a justification for the request.

The defined administrators will then receive an email notification; they can also check the requests from the Enterprise applications\Admin consent requests blade (which is where the Review request button in the email takes them).

From there, they can approve or decline the request.
