iOS 使用 Azure AD 进行身份验证
[英]iOS authentication with Azure AD
问题描述
We have an iOS app that connect to Azure AD for authentication.
我们有一个 iOS 应用程序连接到 Azure AD 进行身份验证。 We use MSAL library in iOS app to call the azure AD.我们在 iOS 应用程序中使用 MSAL 库来调用 azure AD。 We are facing some issue when trying to authenticate.我们在尝试进行身份验证时遇到了一些问题。 The error says that we need to configure the app registration to support multi tenant application.该错误表明我们需要配置应用程序注册以支持多租户应用程序。 The error is confusing because we only have one tenant in our Azure AD.该错误令人困惑,因为我们的 Azure AD 中只有一个租户。
If we add the tenant it will ask for Approval.如果我们添加租户,它将请求批准。 Why it's asking for approval?为什么要征求意见? how can we remove that approval?我们如何取消该批准?
1 个解决方案
解决方案1
0 已采纳 2022-04-13 10:14:20
Please check the authorization URL you are currently using to sign-in your application.请检查您当前用于登录应用程序的授权URL。
If it is somewhat like below, only users from that tenant will be able to log in.
https://login.microsoftonline.com/<tenantid>如果有点像下面,只有来自该租户的用户才能登录。 https://login.microsoftonline.com/<tenantid>If this tenant Id corresponds to one of your organizations where you manage users, you can grant admin consent to that tenant in Azure portal like below:
如果此租户 ID 对应于您管理用户的组织之一,您可以在Azure 门户中向该租户授予管理员许可,如下所示:
Go to Azure portal -> Azure Active directory -> Your application -> API permissions -> Add required permissions -> Grant admin consent. Go 到 Azure 门户 -> Azure 活动目录 -> 您的应用程序 -> API 权限 -> 添加所需权限 -> 授予管理员同意。
Otherwise , you should either replace this with the tenant Id of that tenant or with ' common ' which allows users from any tenant to sign in like this:
https://login.microsoftonline.com/common/否则,您应该将其替换为该租户的租户 ID 或替换为允许任何租户的用户像这样登录的“ common ”: https://login.microsoftonline.com/common/If not, users from other tenant gets this approval page.
如果没有,来自其他租户的用户将获得此批准页面。An administrator must provide Admin Consent in the case where access is required to more sensitive resources, or at a broader scope.
如果需要访问更敏感的资源或更广泛的 scope,管理员必须提供管理员同意。Granting tenant-wide admin consent requires you to sign in as a Global Administrator , an Application Administrator , or a Cloud Application Administrator.
授予租户范围的管理员许可需要您以全局管理员、应用程序管理员或云应用程序管理员身份登录。
If you want to remove that admin consent screen,如果您想删除该管理员同意屏幕,
Go to Azure portal -> Azure Active directory -> Enterprise Applications -> Consent and permissions -> User Consent Settings Go 到 Azure 门户 -> Azure 活动目录 -> 企业应用程序 -> 同意和权限 -> 用户同意设置
To know more in detail, please find below links if they are helpful.要了解更多详细信息,请找到以下链接(如果它们有帮助)。
References:参考:
Azure SSO- How to remove approval required screen after sign in - Stack Overflow Azure SSO-如何在登录后删除需要批准的屏幕 - 堆栈内存溢出
How to fix the 'Need admin approval' error while trying to sign in to the signature management app (codetwo.com) 尝试登录签名管理应用程序时如何修复“需要管理员批准”错误 (codetwo.com)
Exchange Online: Apple Inte.net Accounts - Need admin approval | Exchange Online:Apple Inte.net 帐户 - 需要管理员批准 | diec.net diec.net
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.