You can adjust your user settings or API permissions to control how users authenticate against your application.
If a user tries to authenticate against an application that has requires and has not been granted Admin consent, the user will be shown a screen that prompts them to continue without permission or for an admin user to log in and grant the correct permission.
There are two ways an admin can give permissions:
- Give Admin consent in the API permissions, then re-authenticate the user.
- Create a new session and sign into the application as an admin user to grant permission.
To control if users can authenticate themselves against the Nylas application or if an administrator needs to approve the application, you need to adjust your Enterprise Applications User Settings.
Verified App Publisher
As of 11/20/2020 Microsoft requires you to be a verified publisher, otherwise your users will be presented with an error screen. You'll need to complete the verification process before changing your user settings. Read more at Microsoft Publisher verification. A verified publisher is not the same as a verified domain. You'll need to go through both steps.
To adjust the Need Admin Approval:
- Go to the Azure Active Directory admin center.
- Go to Enterprise applications > User settings.
- There are two settings that control the authentication for the user.
- Users can consent to apps accessing company data on their behalf
- Users can consent to app accessing company data for groups they own
Toggle both to yes if you want users to authenticate themselves or toggle both to no to require administrative permission.
For particular functionality, such as room resources, the API permissions Nylas requires need to be approved by an administrator. For example, the
Place.Read.All permission requires an administrator to grant approval.
To give Admin consent from the Azure Portal:
- Go to your Azure Portal.
- Navigate to the Enterprise Applications area and select the application that needs the permission.
- Click on API Permissions.
- Follow the on-screen steps to give Admin consent.