Get a quick quote with our pricing calculator

Knowledge Base

Browse our knowledge base articles to quickly solve your issue.

Knowledgebase articles

O365 Exchange authentication Troubleshooting

How to solve “Need Admin Approval” error.

NOTE: Errors with the authorisation of the WESS will almost certainly need the person who is Microsoft Admin in your organisation to help resolve

The “Need Admin Approval” error may occur when a regular user attempts to get authenticated in the WESS Add-In with one’s Office 365 credentials in the OAuth window:

What causes the error

The error is caused by User permission settings in the corporate MS Azure Active Directory; specifically, the option “User can consent to apps accessing company data on their behalf” is set to “No”, along with its derivative setting for accessing the groups’ data.

These settings can be found in All services > Enterprise applications > User settings in MS Azure Active Directory. Eg.

How to solve this problem:

Method 1:

STEP 1: GRANT ADMIN CONSENT FOR THE NECESSARY APPLICATION

1. Log in to MS Azure AD https://portal.azure.com with Admin credentials
2. Go to Enterprise Applications
3. Select All Applications
4. Type the application name in the search field to find the App and select it

Note: The application may be absent from the list, in case none of the users registered consent for the App previously. If this is the case, see Method 2.

STEP 2: GRANT ADMIN CONSENT

After Step 1 is complete, proceed to the following setup actions:

1. Open the Permissions tab and click Grant Admin consent for %CompanyName%

2. Login with O365 Admin credentials and click Accept in the Permissions requested dialog that appears

Note

The server-side sync accesses and handles the end users’ email and CRM data in a most secure and private manner, according to our Privacy and Security guarantees, so approving this data access is safe.

3. Refresh the page with Permissions for the application you’ve just registered consent for
4. The list of consent permissions will be displayed in the Admin Consent tab on the Applications page

After that, individual users should open the Add-In and select Sync settings or Set up sync

 

The final setup action required from the end-users is to grant access to their mailbox data when prompted in the O365 OAuth dialog. As soon as it is granted, they can start using all application functions.

Method 2

There is also another way to resolve the issue: the local Office 365 Admin can register consent for the App on the initial login. This method requires the O365 Admin to be provisioned as a WESS user (this may not be appropriate if you have an external IT team as they will need to be a user of Workbooks aswell)

Setup actions to be performed by the Admin:

1. Provision to the WESS with the credentials registered for the Admin’s microsoft account.

2. Open the Sync configuration page through Workbooks configuration > Email Integrations > Exchange Sync > Configuration > select organisation > Users > select the admin user , go to Email Configuration and Log in with O365 Admin credentials in the O365 OAuth dialog that appears

3. In the following “Permissions Requested” dialog window: select the checkbox Consent on behalf of your organization and click Accept

If authorization is successful, a “Signed in successfully” notification will appear. Now the consent to use the App has been granted for the whole Org and all end-users in it are allowed to perform O365 data access authorization.