AADSTS90093:Calling principal cannot consent due to lack of permissions in Azure Active directory
Question
We have a requirement to integrate the Web application to Azure active directory Multi-tenant authentication. We have changed the end point URL to " https://login.microsoftonline.com/common ". We tried to login to our application with our work email id. We got the following Error.
Additional technical information:
Correlation ID: 72ec287c-XXXX-XXXX-XXXX-4bf49d167541 Timestamp: 2017-04-07 09:48:57Z AADSTS90093: Calling principal cannot consent due to lack of permissions.
We have find that we missed some permissions to our Application in AD.Could anyone please help us what kind of permissions need to provide.
Thanks in advance.
2 answers
solution1
0 2017-04-07 10:49:21
The error is saying that the user who is logging in cannot give consent for the app. When you log in from a tenant where the app is not yet consented, you must be an AAD admin.
solution2
0 2017-04-11 03:08:05
This error indicates that the users are not able to give the consent to the app.
There are two permission level in Azure AD developing, one requires administrator's consent and the other doesn't.
If the app you were using was developed by your organization, you also can grant the permission via the Azure portal when it is register like figure below:
If the app was developed by other organization, please ensure the app also provide a way(maybe a separate button) to grant the consent for the organization. Then you can notify the administrator to grant the permission for all organization. More detail about the admin consent , you can refer this document .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.