I created an app service/website in the Azure portal keeping in view that the access should be restricted inside my organization. I created an app using Azure app registration, and used the tenant and client ID to implement Azure Active Directory authentication. I do not have permission for activating admin consent for the registered app due to policy restrictions. I added 2 owners for the registered app. Now how can I enable access to everyone inside my organization? Is admin consent really required to enable access to users inside the organization? What would be other options other than enabling admin consent?
I tried to reproduce the same in my environment to authenticate a Web App using Azure AD.
I have created an App Service like below.
Azure Portal > App Services > Create
Once the App Service is created, test the application and copy the App URL.
Create App Registration in Azure Active Directory.
Azure Portal > Azure Active Directory > App registrations > New Registration
After the application registration, enable ID Token, like below.
Azure Portal > Azure Active Directory > App registrations > Your Web Application > Authentication
If you want to customize your application, modify your application like below.
Add the Scope to your application like below.
Azure Portal > Azure Active Directory > App registrations > Your Web Application > Expose an API > Set next to Application ID URI and Add Scope
Add Scope: user_impersonation
Enable the Azure AD identity provider for your App Service application like below.
Azure Portal > App Service > Select your App Service > Authentication > Add Identity provider
Endpoint Url: https://login.microsoftonline.com/Tenant-ID/v2.0
Finally, I logged in to my web application with Azure AD credentials.
Reference: https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad#advanced
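As an added example (not part of the answer above), this shows what the tenant-specific Endpoint Url in the last step amounts to once a user signs in: the ID token's issuer, tenant and audience claims must match your own tenant and app registration, which is what keeps sign-ins from other organizations out. The tenant and client IDs are constructed placeholders, and signature verification is assumed to happen in App Service authentication before these checks run.

```python
import base64
import json

# Constructed placeholder IDs; substitute your own tenant ID and application (client) ID.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
# Tenant-specific issuer, the same value used as "Endpoint Url" for the identity provider.
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT so the claim checks can be exercised offline."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(claims)}."


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT. Signature verification is assumed to be
    done upstream by App Service authentication; this only parses the payload."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_organization_access(claims: dict) -> tuple[bool, str]:
    """Accept only ID tokens issued by our own tenant for our own app registration."""
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, f"issuer mismatch: {claims.get('iss')}"
    if claims.get("tid") != TENANT_ID:
        return False, f"tenant mismatch: {claims.get('tid')}"
    if claims.get("aud") != CLIENT_ID:
        return False, f"audience mismatch: {claims.get('aud')}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample sign-in from a user in our tenant.
    token = make_unsigned_token({"iss": EXPECTED_ISSUER, "tid": TENANT_ID, "aud": CLIENT_ID,
                                 "preferred_username": "alice@contoso.example"})
    print(check_organization_access(decode_claims(token)))
```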