Skip to content

How to Resolve the “Need Admin Approval” Error

Office 365

 

The “Need Admin Approval” error may occur when a regular user attempts to get authenticated in Revenue Inbox with one’s Office 365 credentials in the OAuth window:

 

 

What causes the error

The error is caused by User permission settings in corporate MS Azure Active Directory; specifically, the option “User can consent to apps accessing company data on their behalf” is set to “No”, along with its derivative setting for accessing the groups’ data.

These settings can be found in All services -> Enterprise applications -> User settings in MS Azure Active Directory.

>>> Click to see a screenshot <<<

 

   

Problem solutions

 

Method 1

1. Log in to MS Azure AD https://portal.azure.com with Admin credentials
2. Go to Enterprise Applications
3. Select All Applications
4. Type “Revenue Inbox” in the search field to find the App and select it

>>> Click to see a screenshot <<<

 

Note

The application may be absent from the list, in case none of the users registered consent for the App previously. If this is the case, see Method 2 from this article

 

 

After the Step 1 is complete, proceed to the following setup actions:

1. Open the Permissions tab and click Grant Admin consent for %CompanyName%

>>> Click to see a screenshot <<<

 

2. Log in with O365 Admin credentials and click Accept in the Permissions requested dialog that appears

>>> Click to see a screenshot <<<

Note

Revenue Inbox accesses and handles the end users’ email and CRM data in a most secure and private manner, according to our Privacy and Security guarantees, so approving this data access is safe.

 

3. Refresh the page with Permissions for the application you’ve just registered consent for
4. The list of consent permissions will be displayed in the Admin Consent tab on the Applications page

>>> Click to see a screenshot <<<

 

After that, individual users should open RI Sidebar, click the (Menu) button in its upper left corner and select Sync settings or Set up sync

>>> Click to see a screenshot <<<

 

The final setup action required from the end users is to grant access to their mailbox data when prompted in the O365 OAuth dialog. As soon as it is granted, they can start using all Revenue Inbox functions.

 


 

Method 2

There is also another way to resolve the issue: the local Office 365 Admin can register consent for the App on the initial logon. This method requires the O365 Admin to be provisioned as a Revenue Inbox user.

Setup actions to be performed by the Admin:

1. Log in to Revenue Inbox Sidebar with Salesforce credentials registered for the Admin’s account
2. Press on the (Menu) button in the upper left corner of the Sidebar
3. Select Set up sync in the menu

>>> Click to see a screenshot <<<

 

4. Next, Log in with O365 Admin credentials in the O365 OAuth dialog that appears

5. In the following “Permissions Requested” dialog window: select the checkbox Consent on behalf of your organization and click Accept

>>> Click to see a screenshot <<<

 

Authorization is successful, a “Signed in successfully” notification will appear. Now the consent to use the App has been granted for the whole Org and all end users in it are allowed to perform O365 data access authorization for Revenue Inbox.

 

An optional extra Step

In case the O365 Admin does not intend to use the App, the corresponding user can be removed from Revenue Inbox via RI Admin panel. To do that:
1. Log into RI Amin UI with admin credentials
2. Click the Gear (Settings) icon in the upper right corner of the page opened
3. Select Force Delete

>>> Click to see a screenshot <<<

 

After that check that O365 Admin user’s email address was removed from Revenue Inbox users list.

 


 

Method 3

Another option is to allow the end users to register consent for Apps on their own.

Note

If this method is used, the end users will be able to register consent for any third party Apps; for some enterprises such setup might contradict general Office Apps security policies

 

1. Log in to Azure AD using Admin credentials
2. Go to Enterprise applications -> User settings
3. Switch the setting “User can consent to apps accessing company data on their behalf” to Yes

>>> Click to see a screenshot <<<

 

Enabling of the setting “User can consent to apps accessing company data for the groups they own” is optional.

 

 

Also see the following articles:

Revenue Inbox mass deployment scenarios

How Revenue Inbox works with EWS

Microsoft Consent framework

Microsoft App Consent Experience

 

 


Get back to us
We would love to hear from you

Name:

E-mail:

Question or comment: