The default Azure Active Directory configuration allows user consent out-of-the-box.
However, some companies choose to control the use of enterprise applications in Office 365 by restricting users' ability to consent to third-party applications accessing their profile data in Azure Active Directory.
If you need detailed information, here is the Microsoft documentation: Configure how end-users consent to applications.
If application consent is restricted, users (with the exception of Office 365 Global Administrators) will get the following message when attempting to sign in to Inova for Outlook:
Need admin approval
Inova needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
Unfortunately, in this case, the only option available to the end user is to return to the application without granting consent, which means the add-in will not be able to work.
Another possible effect of this restriction can be that the permission window is stuck in an infinite loop, preventing users from giving their consent:
In this case, two things may be done to allow users to access the Outlook add-in for Inova.
Configuring the Azure AD admin consent workflow
Please note that you need to be a Global Administrator to complete the following steps.
Please also note that these changes may take up to an hour to take effect.
- Navigate to the Azure Active Directory portal
- Open Enterprise applications
- In the left menu, under Manage, click on User Settings
- In the right panel, under Admin consent requests (Preview), set "Users can request admin consent to apps they are unable to consent to" to Yes
- Select users who can review and approve admin consent requests
- Select an expiry date to specify how long requests stay valid
- Click Save
This way, when users try to sign in to the Inova Add-in for Outlook for the first time, they will be able to provide a rationale and request approval. The consent workflow will then email the reason to one of the Administrators specified in the Azure AD portal.
Approval required
This app requires your admin's approval to: ...
Enter justification for requesting this app ...
Then, in Enterprise Applications, under Activity, click on Admin consent requests (Preview) to see the Inova for Outlook add-in listed. You will also be able to see who requested it in the Requested by tab. From here, just press Approve to approve the users' requests.
If you need detailed information, here is the Microsoft documentation: Configure the admin consent workflow.
Granting tenant-wide admin consent to the Inova Outlook add-in
If you prefer, you can also grant admin consent for the Inova for Outlook add-in to be available tenant-wide.
Please note that you need to be a Global Administrator to complete these steps:
- Navigate to the Azure Active Directory portal
- Open Enterprise applications
- In the applications search bar, search for Inova and click on it
- In the left menu, under Security, click on Permissions
- Click on the Grant admin consent for [YourCompanyName] button
- Then agree with the permissions the application requires and grant consent
This way, the permission request will be seamless to users when they sign in to the Inova for Outlook add-in.
If you need detailed information, here is the Microsoft documentation: Grant tenant-wide admin consent to an application.
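Once tenant-wide consent has been granted, it is worth checking that the delegated scopes now held by the application match the ones shown on the consent screen. The following is an added example, not Inova or Microsoft code: it reviews a list of Microsoft Graph oauth2PermissionGrant objects (as returned by GET /v1.0/oauth2PermissionGrants) for one application. The object ids, scopes and expected-scope list are constructed placeholders, and application permissions (app role assignments) are outside its scope.

```python
# Constructed sample data shaped like Graph oauth2PermissionGrant objects.
# Ids and scopes are placeholders, not the add-in's real values.
SAMPLE_GRANTS = [
    {"id": "grant-1", "clientId": "sp-inova-placeholder",
     "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph-placeholder",
     "scope": "User.Read openid profile Mail.ReadWrite"},
    {"id": "grant-2", "clientId": "sp-inova-placeholder",
     "consentType": "Principal", "principalId": "user-alice-placeholder",
     "resourceId": "sp-graph-placeholder",
     "scope": "User.Read offline_access"},
    {"id": "grant-3", "clientId": "sp-other-placeholder",
     "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph-placeholder", "scope": "Files.Read.All"},
]


def review_grants(grants, client_id, expected_scopes):
    """Summarise delegated grants held by one service principal.

    consentType "AllPrincipals" is a tenant-wide (admin) grant;
    "Principal" is a grant made for a single user.
    """
    tenant_wide = set()
    per_user = {}
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        scopes = set((grant.get("scope") or "").split())
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes
        elif grant.get("consentType") == "Principal":
            per_user.setdefault(grant.get("principalId"), set()).update(scopes)
    expected = set(expected_scopes)
    return {
        "tenant_wide": sorted(tenant_wide),
        # Scopes granted for every user that the admin did not expect to approve.
        "unexpected_tenant_wide": sorted(tenant_wide - expected),
        # Per-user grants holding scopes the tenant-wide grant does not cover.
        "per_user_not_covered": {
            user: sorted(scopes - tenant_wide)
            for user, scopes in per_user.items() if scopes - tenant_wide
        },
    }


if __name__ == "__main__":
    print(review_grants(SAMPLE_GRANTS, "sp-inova-placeholder",
                        ["User.Read", "openid", "profile"]))
```

Any entry under unexpected_tenant_wide or per_user_not_covered should be compared with the Permissions page of the enterprise application before leaving the grant in place.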