We have an iOS app that connects to Azure AD for authentication. We use the MSAL library in the iOS app to call Azure AD. We are facing an issue when trying to authenticate. The error says that we need to configure the app registration to support a multi-tenant application. The error is confusing because we only have one tenant in our Azure AD.
If we add the tenant, it will ask for approval. Why is it asking for approval? How can we remove that approval?
Please check the authorization URL you are currently using to sign in to your application.
If it looks something like the one below, only users from that tenant will be able to log in.
https://login.microsoftonline.com/<tenantid>
If this tenant ID corresponds to one of your organizations where you manage users, you can grant admin consent to that tenant in the Azure portal as follows:
Go to Azure portal -> Azure Active Directory -> Your application -> API permissions -> Add required permissions -> Grant admin consent.
Otherwise, you should replace this either with the tenant ID of that tenant or with 'common', which allows users from any tenant to sign in, like this: https://login.microsoftonline.com/common/
If not, users from other tenants get this approval page.
An administrator must provide Admin Consent in the case where access is required to more sensitive resources, or at a broader scope.
Granting tenant-wide admin consent requires you to sign in as a Global Administrator, an Application Administrator, or a Cloud Application Administrator.
If you want to remove that admin consent screen, go to Azure portal -> Azure Active Directory -> Enterprise Applications -> Consent and permissions -> User Consent Settings.
For more detail, please see the links below if they are helpful.
References:
Azure SSO- How to remove approval required screen after sign in - Stack Overflow
Exchange Online: Apple Internet Accounts - Need admin approval | diecknet
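An added example, not part of the original question or answer: a small Python check that compares the authority URL an MSAL client is configured with against the app registration's sign-in audience, covering the single-tenant versus 'common' mismatch discussed above. The function names and the sample tenant IDs are constructed for illustration; AzureADMyOrg is the manifest value for a single-tenant registration.

```python
import re
from urllib.parse import urlparse

# Tenant aliases that are not tied to one directory.
SHARED_ALIASES = {"common", "organizations", "consumers"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def tenant_segment(authority):
    """Return the tenant part of https://login.microsoftonline.com/<tenant>."""
    url = urlparse(authority)
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        raise ValueError(f"unexpected authority: {authority!r}")
    parts = [p for p in url.path.split("/") if p]
    if not parts:
        raise ValueError("authority has no tenant segment")
    return parts[0].lower()


def audit_authority(authority, sign_in_audience, home_tenant_id):
    """List mismatches between the client's authority and the registration."""
    tenant = tenant_segment(authority)
    home = home_tenant_id.lower()
    findings = []
    if tenant in SHARED_ALIASES:
        # A single-tenant registration cannot be used through a shared alias.
        if sign_in_audience == "AzureADMyOrg":
            findings.append(
                f"authority uses /{tenant} but the registration is single-tenant; "
                f"use /{home} or change the supported account types"
            )
    elif GUID.match(tenant) and tenant != home:
        findings.append(f"authority tenant {tenant} is not the home tenant {home}")
    # Any other segment is treated as a tenant domain name and not resolved here.
    return findings


if __name__ == "__main__":
    HOME = "11111111-2222-3333-4444-555555555555"  # constructed sample value
    for url in (
        "https://login.microsoftonline.com/common/",
        f"https://login.microsoftonline.com/{HOME}",
    ):
        print(url, "->", audit_authority(url, "AzureADMyOrg", HOME) or "ok")
```
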