如何使用Azure Active Directory授予应用程序对新用户帐户的访问权限?
[英]How do I grant application access to new user accounts using Azure Active Directory?
问题描述
My web application uses Azure Active Directory for authentication. 
我的Web应用程序使用Azure Active Directory进行身份验证。 In my Azure Portal I have an application reference which hooks into the AAD, I also have all the relative keys in place within the web application itself. 在我的Azure门户中,我有一个引用到AAD的应用程序引用,并且在Web应用程序本身中也有所有相关的键。 Everyone in my organisation can log in without any problems but any new user accounts that are added get a message: 我组织中的每个人都可以登录,没有任何问题,但是添加的任何新用户帐户都会收到一条消息:
You can't access this application Company App Registration Name needs permission to access resources in your organization that only an admin can grant.
This is a message that only new accounts get, I can see these new accounts within the AAD and they accounts are identical to other employees, it's as if it's out of sync. 这是一条消息,只有新帐户可以使用,我可以在AAD中看到这些新帐户,并且这些帐户与其他员工相同,就好像它们不同步一样。 Does anyone know what I have done wrong or why new accounts are not automatically picked up? 有人知道我做错了什么,还是为什么不自动提取新帐户?
1 个解决方案
解决方案1
3 已采纳 2017-07-13 18:34:36
I believe you can solve your issue by having an Administrator of your tenant consent to the application on-behalf-of the entire tenant, which should include all new and existing users. 我相信您可以通过让租户的管理员代表整个租户(包括所有新用户和现有用户)代表该应用程序解决您的问题。
To do this, the Administrator can simply go to a login endpoint with the query string prompt=admin_consent . 为此,管理员可以简单地使用查询字符串prompt=admin_consent转到登录端点。
https://login.microsoftonline.com/<TenantID>/oauth2/authorize?client_id=<AppID>&response_type=code&redirect_uri=<RedirectURI>&prompt=admin_consent
You can use this template URL, and simply fill out the variables with your application and tenant information. 您可以使用此模板URL,只需在变量中填写您的应用程序和租户信息即可。 Then, hand it to the administrator and have them consent to the app. 然后,将其交给管理员,并让他们同意该应用程序。
Let me know if this helps! 让我知道这是否有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.