Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Need Admin Approval" for Microsoft Extensions #27

Open
SamuelOhrenberg-OCCC opened this issue Aug 31, 2023 · 1 comment
Open

"Need Admin Approval" for Microsoft Extensions #27

SamuelOhrenberg-OCCC opened this issue Aug 31, 2023 · 1 comment

Comments

@SamuelOhrenberg-OCCC
Copy link

SamuelOhrenberg-OCCC commented Aug 31, 2023

Hello,

Apologies if this is not the right place. Please close the issue if it isn't.

If it is, I'd love to get some input / insight into an issue with the Microsoft Extensions provided in the library. My institution is in the midst of implementing Ellucian Experience and we just finished up our Experience Toolkit Workshop with a consultant. The last thing we tried to set up in the workshop were the Microsoft Extensions in this library so we could see how Experience can work with Outlook and OneDrive.

We followed the steps to create the app in Azure which seemingly had no issues. We also got the extensions uploaded to Experience with no issues.

When we go to the card in Experience, it pops up with the sign in page. After signing in, instead of getting the screen where the user would allow the application to access their data, we receive the following error message. I've also included a screenshot of the error message.


Need admin approval

needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.

image


Our consultant was unfortunately able to diagnose the problem. My supervisor is contacting our SysAdmin to see if they know of any reason why this would be happening. However, I thought I might also create an issue here to see if other people ever ran into this / so that if anybody else does run into it that they might be able to find this post.

Additional information:

  • We are a fully Office 365 institution at this point - we no longer have any On Prem exchange.
  • The application in Azure does have our Experience URL as a "spa" Redirect URI
  • The spa redirect URI does have the message "Your Redirect URI is eligible for the Authorization Code Flow with PKCE."
  • Only the following Microsoft Graph API Permissions are listed in Azure
    • Files.Read
    • Files.Read.All
    • Mail.Read
    • Mail.Read.Shared
    • User.Read
    • User.ReadBasic.All
  • All of the API permissions do show that "Admin consent required" is "No"

image

(I blocked out the url to our test experience instance. I don't know if that's actually really necessary - but I'm err'ing on the side of caution since GitHub is public facing)

image

@SamuelOhrenberg-OCCC
Copy link
Author

P.S. I went to a session about this community at E-Live this year, so I've been eagerly awaiting our implementation of Ellucian Experience so that I could start getting more involved with this community. This has nothing to do with the issue at hand - I just wanted to let you all know that the session left a great impression!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant