How is the “Grant permissions” button in legacy Azure AD app registration different from “Grant admin consent” in the the new experience?

寵の児 提交于 2020-02-05 02:37:32

问题


The "Grant admin consent" button in the current Azure AD app registration experience (under Azure portal > Azure AD > App registrations > (app) > API permissions) is sometimes greyed out. In the legacy experience, I could always click the button.

What's the difference between the two?


回答1:


The "Grant permission" button in the legacy app registration experience behaves differently depending on what you're allowed to do:

  • If you're allowed to do tenant-wide admin consent, the button grants the permissions for all accounts:

  • If you're not allowed to do tenant-wide admin consent, the button attempts to grant the permissions for your account only:

  • If you're not allowed to consent even for yourself, it fail to grant any permissions:

In the new (current) app registration experience, the "Grant admin consent" button only proposes tenant-wide admin consent:

  • If you're allowed to do tenant-wide admin consent, the button is enabled and will result in the permissions being granted for everyone:

  • If you're not an admin, the button is simply disabled:

The new app registration experience does not currently offer the option for granting consent on behalf of the signed-in user only, like the legacy experience did. If you want to grant consent for yourself, the best way to do so is to actually sign in to the app, and grant consent then.



来源:https://stackoverflow.com/questions/59950232/how-is-the-grant-permissions-button-in-legacy-azure-ad-app-registration-differ

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!