Skip to main content
All CollectionsTroubleshoot
Resolving Microsoft Admin Approval Issues for Scispot Users
Resolving Microsoft Admin Approval Issues for Scispot Users
S
Written by Satya Singh
Updated over 2 months ago

When customers encounter a "Microsoft account requires admin approval" message while trying to access Scispot, despite being granted access, the issue likely stems from security policies within the customer’s Azure Active Directory (Azure AD) environment. Here are steps that the IT team can follow to resolve this issue quickly.

Steps to Resolve:

  1. Check Admin Consent Settings in Azure AD

    • First verify if your Azure AD configuration requires admin consent for new applications. Sometimes, even though Scispot has granted access, the organization’s security policies might still demand admin approval for each user trying to sign in.

    • To Check Admin Consent:

      1. Go to the Azure AD Admin Center.

      2. Navigate to Enterprise Applications.

      3. Find and select Scispot from the list.

      4. Review the consent settings under the Permissions tab.

  2. Grant Admin Consent Globally for Scispot

    • If admin consent has not yet been granted globally for Scispot, this will ensure that all users in the organization can sign in without needing individual approval.

    • Steps to Grant Global Admin Consent:

      1. Open the Azure AD Admin Center.

      2. Go to Enterprise Applications.

      3. Select Scispot from the list.

      4. Under Permissions, click Grant admin consent for [Organization Name].

  3. Check Conditional Access Policies

    • It is important to also verify if any Conditional Access Policies are blocking access for the specific user or group trying to log into Scispot. These policies might unintentionally prevent certain users from signing in.

  4. Verify Microsoft Single Sign-On (SSO) Configuration

    • Ensure that the Microsoft Single Sign-On (SSO) setup is configured correctly. Specifically, check that the appropriate scopes like openid, profile, and email are included in the permissions.

    • To Review SSO Configuration:

      1. Go to Azure AD Admin Center.

      2. Select Scispot in the Enterprise Applications.

      3. Navigate to the Single Sign-On tab and review the settings.

  5. Clear User Consent Requirement

    • In some organizations, even after admin consent, individual users might still be prompted to grant consent. To avoid this, you can set the app’s user assignment as required and ensure that all users needing access to Scispot are explicitly assigned.

    • To Set User Assignment:

      1. Go to Azure AD Admin Center.

      2. Select Scispot in Enterprise Applications.

      3. In the Properties tab, set User assignment required to Yes.

      4. Assign the users manually who need access.

Additional Troubleshooting

If these steps do not resolve the issue, please review their organization’s security settings and ensure that no additional security measures are unintentionally blocking Scispot. Some scenarios might require deeper analysis of Azure AD logs to identify where the sign-in is being blocked.

By following these steps, you can ensure that all users in their organization can sign in to Scispot smoothly and without unnecessary admin approval prompts.

Key Takeaways:

  • Confirm Azure AD consent settings for new applications.

  • Grant global admin consent for Scispot.

  • Review conditional access policies.

  • Verify SSO permissions are correctly configured.

  • Ensure users are assigned access to Scispot to bypass individual consent requirements.

Following this checklist should help resolve access issues quickly for the Scispot platform.

Did this answer your question?