Only show these results:

Admin Approval

You can adjust your user settings or API permissions to control how users authenticate against your application.

Need Admin Approval

If a user tries to authenticate against an application and an admin hasn't granted consent, they will see a screen that prompts them to either continue without permission or for an admin to log in and grant permission.

There are two ways an admin can give permissions:

  1. Give admin consent in the API permissions and re-authenticate the user.
    The Microsoft Azure Portal showing the "Admin consent requests" page.

  2. Create a new session and sign into the application as an admin user to grant permission.

    Need admin approval

User Settings

To control if your users can authenticate themselves against the Nylas application or if an administrator needs to approve the application, you'll need to adjust your Enterprise Applications User Settings.

Verified App Publisher

As of November 20, 2020, Microsoft requires you to be a verified publisher, otherwise your users will be presented with an error screen. You'll need to complete the verification process before changing your user settings. Read more at Microsoft Publisher verification. Keep in mind that a verified publisher is not the same as a verified domain. You'll need to go through both steps.

To adjust the Need Admin Approval setting, navigate to Enterprise applications, and click Consent and permissions in the left navigation. The User consent settings page shows options for two settings:

  • User consent for applications (Allows the user to grant access to their data to applications.)
  • Group owner consent for apps accessing data (Allows group owners to grant applications access to their group's data)

Set both of the settings to one of the Allow settings if you want your users to be able to authenticate themselves. If you want your users to require administrative permission, set both options to Do not allow.

The Microsoft Azure Portal showing the "User settings" page for an enterprise application.

For certain functionality, such as room resources, the API permissions that Nylas requires will need approval from an administrator. For example, the
Place.Read.All permission requires an administrator to grant approval.

To give Admin consent from the Azure Portal, follow the steps below:

  1. Navigate to the Enterprise Applications area and select the application that you want to configure.
  2. Click on API Permissions.
  3. Follow the on-screen steps to give Admin consent.
    The Microsoft Azure Active Directory Admin Center showing the "API permissions" page for an enterprise application. The "Place.Read.All" permission is highlighted, and its status shows the permission is not granted for the application.

Authorizing an App as an Administrator

This process lets you as an administrator authenticate users on their behalf. In some cases, users may not be able to authenticate without administrator or company permission. Use the options below to get approval from the mail administrator.

Send an Approval Request to the Mail Administrator

This process outlines the steps for the mail administrator to approve the account's authentication:

  1. Select the Request approval from the prompt. This notifies the mail administrator.
  2. The mail administrator receives an email notification that the user has requested approval.
  3. The mail administrator then logs in with an admin account on the Microsoft Azure Portal or through the link in the approval request email.
  4. Navigate to Enterprise Application.
  5. Click on Admin consent requests. From here, the mail administrator can see all pending requests and can give consent to the user here.
  6. When the above steps are complete, the user can then restart the authentication process and connect the account to Nylas.

Contact the Mail Administrator

You can share the process below with the mail administrator for the account:

  1. The mail administrator can configure these settings on the Azure application. This lets users consent to the app without having to contact their admin.
  2. The mail administrator logs in to the Microsoft Azure Portal.
  3. Navigate to Enterprise Application.
  4. Click on User settings.
  5. Configure and allow the Users can request admin consent to apps they are unable to consent to option.
  6. Confirm these settings in consent and permissions.
  7. Navigate to Enterprise Application.
  8. Click on Consent and permissions.
  9. Click on User consent settings and configure the Allow user consent for apps option.
  10. When the above steps are complete, the user can then restart the authentication process and connect the account to Nylas.

Contact the Customer's Mail Administrator

To assist in finding the source for blocked access, you can give the following information to the customer's mail administrator:

  • Timestamp of the login attempt.
  • Email address of the account.