Search code examples
azureasp.net-identityazure-ad-msalmsal

Azure AD App Registration unable to change "Who can consent"


I'm creating a MSAL web API using instructions here. When following the instructions for "Expose the API", I am not able to adhere to step b. (For Who Can consent, ensure the Admins and users option is selected).

1. Under Manage, select Expose an API > Add a scope. Accept the proposed Application ID URI (api://{clientId}) by selecting Save and continue. The {clientId} is the value recorded from the Overview page. Then enter the following information:
  a. For Scope name, enter Forecast.Read.
  b. For Who can consent, ensure that the Admins and users option is selected.
  c. In the Admin consent display name box, enter Read forecast data.
  d. In the Admin consent description box, enter Allows the application to read weather forecast data.
  e. In the User consent display name box, enter Read forecast data.
  f. In the User consent description box, enter Allows the application to read weather forecast data.
  g. Ensure that the State is set to Enabled.

The option doesn't even show up on the screen.

Note this app registration is NOT in a B2C tenant. The second picture below shows what I see when I search Azure B2C and click the link, there are no applications registered.

enter image description here enter image description here

Later steps fail and I think it's because of this. The instructions are fairly recent (4/24/2024), but following them step by step doesn't work. What is missing?


Solution

  • If you registered application in Azure AD B2C tenant and exposed an API, it won't be having Admins and users option like this:

    enter image description here

    For that, you need to switch to normal Microsoft Entra ID tenant and register application in it that have Admins and users option when exposed an API:

    enter image description here

    If your use case is to expose an API in Azure AD B2C tenant, you can follow this MS Document that won't support user consent option by default.

    Here is what I see when following instructions here when I click on Microsoft Entra ID in the menu.

    enter image description here