[admin-level article]


For users of the Email Sidebar on:


The “Need Admin Approval” error may occur when a regular user attempts to authenticate in Cubyts with their Office 365 credentials in the OAuth window:




What causes the error

The error is caused by the user permission settings in the corporate Microsoft Entra admin center (previously MS Azure Active Directory); specifically, the option “User can consent to apps accessing company data on their behalf” is set to “No”, along with its derivative setting for accessing the groups’ data.


These settings can be found in All services > Enterprise applications > User settings in the Microsoft Entra admin center:




Recommended problem solution


For an admin, the easiest way to address this issue is to grant tenant-wide admin consent to Cubyts using the URL for granting tenant-wide admin consent.

1. Copy this link to any text editor


https://login.microsoftonline.com/{organization}/v2.0/adminconsent?client_id=6a0052ea-fbc0-4cc0-b4a2-e0d9c934448a&redirect_uri=https://portal.azure.com/TokenAuthorize&scope=https://graph.microsoft.com/Files.ReadWrite.All%20https://graph.microsoft.com/offline_access%20https://graph.microsoft.com/openid%20https://graph.microsoft.com/profile%20https://graph.microsoft.com/Sites.Read.All%20https://graph.microsoft.com/TeamsAppInstallation.ReadWriteSelfForUser.All%20https://graph.microsoft.com/User.Read%20https://graph.microsoft.com/User.Read.All%20https://microsoft.sharepoint.comAllSites.FullControl%20https://microsoft.sharepoint.comAllSites.Write%20https://microsoft.sharepoint.comMyFiles.Write


2. Substitute {organization} with your Microsoft 365 tenant ID.


To retrieve your Microsoft 365 tenant ID:

• Log in to Microsoft Entra admin center
• Go to Identity > Overview
• Under Basic information, find Tenant ID and copy it



Important:

The application may be absent from the list if none of the users has previously registered consent for the App. If this is the case, see Method 2 in this article.


3. Open the amended URL in the preferred web browser


4. Log in using the Microsoft admin account with permissions listed in this Microsoft article. Admins with roles that have a lower level of permissions won’t be able to grant consent.

5. Review the required permissions:


6. Click Accept to grant the necessary permissions to Cubyts on behalf of all users of your Org

7. After completing these steps, the Cubyts app will be added to your tenant’s Enterprise apps so that you can further manage it in your Microsoft Entra admin center.
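To see what steps 2 to 5 involve before the URL is opened in a browser, the following added example (not part of Cubyts or Microsoft tooling) substitutes the tenant ID into the link from step 1 and lists every scope the consent prompt will request. The function names, the all-zero placeholder tenant ID and the "broad scope" naming heuristic are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Admin-consent URL template, copied from step 1 of the article above.
TEMPLATE = (
    "https://login.microsoftonline.com/{organization}/v2.0/adminconsent"
    "?client_id=6a0052ea-fbc0-4cc0-b4a2-e0d9c934448a"
    "&redirect_uri=https://portal.azure.com/TokenAuthorize"
    "&scope=https://graph.microsoft.com/Files.ReadWrite.All"
    "%20https://graph.microsoft.com/offline_access"
    "%20https://graph.microsoft.com/openid"
    "%20https://graph.microsoft.com/profile"
    "%20https://graph.microsoft.com/Sites.Read.All"
    "%20https://graph.microsoft.com/TeamsAppInstallation.ReadWriteSelfForUser.All"
    "%20https://graph.microsoft.com/User.Read"
    "%20https://graph.microsoft.com/User.Read.All"
    "%20https://microsoft.sharepoint.comAllSites.FullControl"
    "%20https://microsoft.sharepoint.comAllSites.Write"
    "%20https://microsoft.sharepoint.comMyFiles.Write"
)
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Assumed naming heuristic for this example: scopes ending in ".All" or
# containing "AllSites." are marked for a closer look during review.
BROAD = re.compile(r"\.All$|AllSites\.")

def build_consent_url(tenant_id, template=TEMPLATE):
    """Step 2: substitute {organization}, refusing anything that is not a GUID."""
    tenant_id = tenant_id.strip()
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant ID must be a GUID: %r" % tenant_id)
    return template.replace("{organization}", tenant_id)

def review_consent_url(url):
    """Steps 3-5: summarise what the URL will ask the admin to approve."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        raise ValueError("not a login.microsoftonline.com HTTPS URL")
    query = parse_qs(parts.query, strict_parsing=True)
    scopes = query["scope"][0].split()  # %20-separated list, decoded to spaces
    return {
        "tenant": parts.path.split("/")[1],
        "client_id": query["client_id"][0],
        "redirect_uri": query["redirect_uri"][0],
        "scopes": scopes,
        "broad": [s for s in scopes if BROAD.search(s)],
    }

if __name__ == "__main__":  # constructed placeholder tenant ID below
    report = review_consent_url(build_consent_url("00000000-0000-0000-0000-000000000000"))
    for scope in report["scopes"]:
        print("REVIEW" if scope in report["broad"] else "      ", scope)
```

Comparing the printed client ID and scope list with what the consent dialog shows in step 5 confirms that the link was not altered while being copied or edited.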



 

Alternative problem solutions

There are two alternative methods for resolving this issue:

  • Method 1 is for cases when Cubyts is already on the list of Enterprise applications in the Microsoft Entra admin center.
  • Method 2 is useful if you want to allow the end users to provide consent for Apps on their own.


Method 1

1. Log in to Microsoft Entra admin center (previously MS Azure AD) with Admin credentials


2. Go to Enterprise Applications


3. Select All Applications

4. Type “Cubyts” in the search field to find the App and select it


Important:

The application may be absent from the list if none of the users has previously registered consent for the App. If this is the case, see Method 2 in this article.

5. Open the Permissions tab and click Grant Admin consent for Cubyts




6. Log in with O365 Admin credentials and click Accept in the Permissions requested dialog that appears


7. Refresh the page with Permissions for the application you’ve just registered consent for

  

Method 2

Another option is to allow the end users to register consent for Apps on their own:


Note: If this method is used, the end users will be able to register consent for any third-party Apps; for some enterprises such a setup might contradict general Office Apps security policies.


1. Log in to Azure AD using Admin credentials

2. Go to Enterprise applications > User settings


3. Switch the setting “User can consent to apps accessing company data on their behalf” to **Yes**




Enabling the setting “User can consent to apps accessing company data for the groups they own” is optional.