My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Troubleshooting Guides
  3. Email Notification Troubleshooting

Understanding Microsoft SSO Login Approval Requests and How to Fix Them

2 mins read
Updated:

In BoldDesk, users may encounter login issues when signing in via Microsoft Single Sign-On (SSO), particularly when Microsoft displays an “Approval Required” prompt. This typically occurs due to permission restrictions or consent policies configured in Azure Active Directory (Azure AD).

This article outlines the reasons behind this approval request and provides steps to resolve it effectively.

Why is Approval Requested?

During user login, BoldDesk requests access to sensitive Microsoft 365 data and resources such as the user profile, email, and Teams, which require admin consent within Azure Active Directory (Azure AD). As a result, Microsoft may prompt for admin approval, especially in Azure AD environments with strict consent policies.

Approval_Required_for_SSO_Login.png

Circumstances for approval request:

  1. Admin Consent Is Required for the Application
    BoldDesk may request access to user profile data or Microsoft Graph APIs. If these permissions require admin consent and have not been granted, users will be blocked from logging in.

  2. Consent Has Not Been Granted for All Users
    Even if an admin has approved the app, the consent may be scoped only to the admin or a specific group. Other users will still see the approval prompt unless tenant-wide consent is configured.

  3. Admin Consent Workflow Is Enabled
    Some organizations enforce an Admin Consent Workflow, which requires users to request access and wait for an administrator to manually approve the app.

  4. Application Permissions Have Changed
    If BoldDesk updates its required permissions, previously granted consent may no longer be valid. This can trigger a new approval request.

Resolution Step

Contact your Azure AD administrator to remove the approval process or to approve the BoldDesk application for organizational use and ensure tenant-wide consent is granted for all users. For more details, refer to Microsoft’s documentation on Admin Consent Workflow.

On setting up SSO with Azure AD, please refer to this documentation: How to Integrate Single Sign-On (SSO) with BoldDesk
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Please  to leave a comment
Access denied
Access denied