Symptom: If you are trying to execute a login flow for an application in Windows Azure AD, which essentially lets your application obtain an access token and refresh token for your user ID from Windows Azure AD, you might see the following error message on the Microsoft login screen.
Resolution: The reason behind this is that the application you are signing in to has not gone through the admin consent flow and is asking for permissions to be granted. This usually happens when you have manually registered the app in the Azure AD portal instead of going through the admin consent flow. If you receive this message, log in to the Azure portal with global admin credentials, navigate to the registered Windows Azure AD app, and click the Grant Permission button with the relevant app and user permissions selected.
AgilePoint Portal and AgilePoint Server need only the 3 user-level permissions shown in the screenshot below:
- Sign in and read user profile
- Read all users’ full profiles
- Read directory data
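
To confirm that the grant took effect tenant-wide, the following added example (not AgilePoint or Microsoft code) checks a delegated-permission grant listing for the three permissions above. It assumes the listing has the shape of a Microsoft Graph `oauth2PermissionGrants` response, that the display names map to the scope values `User.Read`, `User.Read.All` and `Directory.Read.All`, and it uses constructed sample data with placeholder IDs.

```python
import json

# Scope values for the three delegated permissions listed above (assumed mapping
# from the portal display names; the page itself shows only the display names).
REQUIRED_SCOPES = {
    "User.Read": "Sign in and read user profile",
    "User.Read.All": "Read all users' full profiles",
    "Directory.Read.All": "Read directory data",
}

# Constructed sample shaped like a Microsoft Graph /oauth2PermissionGrants response.
# All IDs are placeholders.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"clientId": "sp-agilepoint", "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-directory-api", "scope": " User.Read"},
  {"clientId": "sp-agilepoint", "consentType": "Principal", "principalId": "user-1",
   "resourceId": "sp-directory-api", "scope": "User.Read.All Directory.Read.All"},
  {"clientId": "sp-other-app", "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-directory-api", "scope": "User.Read User.Read.All Directory.Read.All"}
]}
""")


def admin_consented_scopes(grants, client_id, resource_id):
    """Return the lower-cased scopes granted tenant-wide to client_id on resource_id."""
    scopes = set()
    for g in grants.get("value", []):
        if g.get("clientId") != client_id or g.get("resourceId") != resource_id:
            continue
        # Only "AllPrincipals" is admin consent; "Principal" is one user's own consent.
        if g.get("consentType") != "AllPrincipals":
            continue
        scopes.update(s.lower() for s in (g.get("scope") or "").split())
    return scopes


def missing_admin_consent(grants, client_id, resource_id, required=REQUIRED_SCOPES):
    """Return required scope names that still lack tenant-wide (admin) consent."""
    granted = admin_consented_scopes(grants, client_id, resource_id)
    return sorted(s for s in required if s.lower() not in granted)


if __name__ == "__main__":
    for scope in missing_admin_consent(SAMPLE_GRANTS, "sp-agilepoint", "sp-directory-api"):
        print(f"no admin consent: {scope} ({REQUIRED_SCOPES[scope]})")
```

In the sample, two of the permissions were consented to by a single user only, so they are reported as missing even though that user can sign in without a prompt.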