In this tutorial, you'll learn how to configure the admin consent workflow to enable users to request access to applications that require admin consent.
The admin consent workflow gives you a secure way to grant access to applications that require admin approval. When a user tries to access an application but is unable to provide consent, they can send a request to you for approval. The request is sent via email to admins who have been designated as reviewers. A reviewer takes action on the request, and the user is notified of the action.
Two parts are mentioned in this article:
Enable the admin consent workflow
To enable the admin consent workflow and choose reviewers:
1. Please go to Azure Active Directory in the Admin Portal > Admin consent requests.
2. Toggle “Users can request admin consent to apps” to Yes .
Note: this can only be done by a Global Admin.
3. You must designate at least one reviewer before the workflow can be enabled.
Select users to review admin consent requests - Select reviewers for this workflow from a set of users that have the global administrator, cloud application administrator, or application administrator roles. You can also add groups and roles that can configure an admin consent workflow.
Selected users will receive email notifications for requests - Enable or disable email notifications to the reviewers when a request is made.
Selected users will receive request expiration reminders - Enable or disable reminder email notifications to the reviewers when a request is about to expire.
Consent request expires after (days) - Specify how long requests stay valid.
4. Once enabled, please let users know they can now submit requests to integrate with hireEZ engagement.
Review and approve admin consent request
Once hireEZ user requests consent for email engagement, the reviewer will receive an email in their inbox titled Action required: Review Employee Name's admin consent request for hireEZ Engagement from Microsoft Azure <firstname.lastname@example.org>.
To review and approve the admin consent request:
- Click Review request > and you will be taken to Admin consent requests within the Azure portal.
- Under My pending select hireEZ Engagement.
- Under Details select Review permissions and consent.
- A new tab will open where you can Accept the permissions.
- Please notify users that they can now proceed with setting up their email integration.