How can we help you today?
Problems Granting Consent when creating Entra ID App with setup Wizard
Contents
Introduction
When using the MyWorkDrive wizard to create an App in Azure to provide connection to Graph API, you may be unable to complete the Grant of Authorization step in the wizard, getting stuck on Step 4 of the Entra ID Setup process, Review Application.
You may get stuck on this page, or stuck in a loop being constantly returned to this page, unable to proceed
There are two likely causes for this
- The user being used to do the App creation (signed in to Azure when prompted in the MyWorkDrive wizard) does not have sufficient permission to grant Admin Consent for the API Permissions on the App the wizard creates.
- The Wizard added API Permissions to the App for features which are not available in your tenant, such as Azure Storage, One Drive / Share Point or Office Online.
Background
An overview of the Automated Entra ID App Registration process can be found in our Entra ID App Registration guide
The Wizard uses the Azure Command Line to create an application in your tenant, Add the appropriate API permissions, and execute the Grant Admin Consent function on those permissions.
The Wizard is automating the process in Azure
If your Azure Tenant/Azure Subscription does not have the features in Azure the Wizard has added API permissions for, or your user does not have permission to Grant Admin Consent for those features, you will not be able to complete the wizard and will get stuck on Review Application Step 4. Typically you will be looped to an Approval page and back to the Wizard, with a yellow box on Step 4 either indicating “please wait” or prompting to approve.
Solutions
There are four possible solutions to this problem.
Sign in to Azure with a User who has sufficient permission
If you did not sign in as a Global Admin with access to all the features in your account and the permission to create and grant admin consent when prompted, exit and re-start the wizard and sign in with an appropriate user at that step.
Adjust the features in the Wizard
The wizard offers two optional selection items on Entra ID Step 3 as part of the app creation process. Removing a feature removes their associated API permissions on the Azure App. If your tenant does not have SharePoint/Office 365 or Azure Storage, removing them will resolve the inability to grant Admin Consent to services which are not present.
The option for Office 365 adds/removes the API permission for SharePoint MyFiles.Write API permission to/from the app
The option for Azure Storage adds/removes the Azure Storage user_impersonation API permission to/from the app
Adjust the API permissions on the app in Azure during the Wizard process.
If you sign in to the Azure Portal and browse to Apps while you are setting up the MyWorkDrive server, you will find the App you are in the process of creating in the App Registration list under the name you entered in the Wizard.
You can edit the app in Azure to remove API permissions for features you do not have in your tenant/subscription prior to attempting to complete the Approval step in the Wizard, such as Azure Storage or SharePoint.
Create your own App
The easiest option, particularly if you have least privilege access permissions in your organization/tenant, would be to simply manually create your app in Azure, or have a user with appropriate permissions in your organization manually create your app.
Instructions for setting up your own application by hand can be found in our Entra ID setup guide
All MyWorkDrive needs from a properly-created application is the information on the Entra ID Integration setup screen
Tenant ID
Application ID
Application Secret
Public Server URL
MyWorkDrive does not need to create or manage the app to function correctly. The Wizard is simply provided as a convenience.
