When customers encounter a "Microsoft account requires admin approval" message while trying to access Scispot, despite being granted access, the issue likely stems from security policies within the customer’s Azure Active Directory (Azure AD) environment. Here are steps that the IT team can follow to resolve this issue quickly.
Steps to Resolve:
First, verify whether your Azure AD configuration requires admin consent for new applications. Sometimes, even though Scispot has granted access, the organization’s security policies might still demand admin approval for each user trying to sign in. In this case, users will see a message like the one below when they try to sign in:
Consenting for All Users:
Contact Scispot, and we will invite an admin from your Azure AD who has at least the Cloud Application Administrator permission level to your Scispot account.
This admin will then receive an email from Scispot with a link to sign in to the application. When they try to sign in, they will receive a notice like the one below:
The admin should check the box "Consent on behalf of your organization", then click Accept. This will automatically opt in all invited members to access your Scispot account.
Non-admin members should now be able to sign in to Scispot with their Azure AD credentials. If you are still facing issues, proceed with the step(s) below.
Additional Troubleshooting
Check Conditional Access Policies
It is important to also verify if any Conditional Access Policies are blocking access for the specific user or group trying to log into Scispot. These policies might unintentionally prevent certain users from signing in.
Verify Microsoft Single Sign-On (SSO) Configuration
Ensure that the Microsoft Single Sign-On (SSO) setup is configured correctly. Specifically, check that the appropriate scopes like openid, profile, and email are included in the permissions.
To Review SSO Configuration:
Go to Azure AD Admin Center.
Select Scispot in the Enterprise Applications.
Navigate to the Single Sign-On tab and review the settings.
Clear User Consent Requirement
In some organizations, even after admin consent, individual users might still be prompted to grant consent. To avoid this, you can set the app’s user assignment as required and ensure that all users needing access to Scispot are explicitly assigned.
To Set User Assignment:
Go to Azure AD Admin Center.
Select Scispot in Enterprise Applications.
In the Properties tab, set User assignment required to Yes.
Assign the users manually who need access.
If these steps do not resolve the issue, please review your organization’s security settings and ensure that no additional security measures are unintentionally blocking Scispot. Some scenarios might require deeper analysis of Azure AD logs to identify where the sign-in is being blocked.
By following these steps, you can ensure that all users in your organization can sign in to Scispot smoothly and without unnecessary admin approval prompts.
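For the Azure AD log analysis mentioned above, the following added example (not Scispot's or Microsoft's own code) groups failed sign-ins for one application by the cause each troubleshooting step addresses. It assumes sign-in records that use the Microsoft Graph signIn field names and an enterprise application displayed as "Scispot"; the sample records, users and policy names are constructed.

```python
from collections import defaultdict

# Azure AD sign-in error codes that map to the checks in this article.
CAUSES = {
    90094: "admin consent required",
    65001: "consent not granted",
    53003: "blocked by Conditional Access",
    50105: "user not assigned to the application",
}

def rec(user, app, code, policies=()):
    """Build one constructed record using Microsoft Graph signIn field names."""
    return {"userPrincipalName": user, "appDisplayName": app,
            "status": {"errorCode": code},
            "appliedConditionalAccessPolicies":
                [{"displayName": n, "result": r} for n, r in policies]}

# Constructed sample data; users and policy names are made up.
SAMPLE = [
    rec("ana@example.com", "Scispot", 0),
    rec("bo@example.com", "Scispot", 90094),
    rec("cy@example.com", "Scispot", 53003,
        [("Require MFA", "success"), ("Require compliant device", "failure")]),
    rec("di@example.com", "Scispot", 50105),
    rec("ed@example.com", "Scispot", 50126),
    rec("bo@example.com", "Other App", 53003),
]

def triage(records, app_name="Scispot"):
    """Group failed sign-ins for one app by likely cause."""
    findings = defaultdict(list)
    for r in records:
        code = (r.get("status") or {}).get("errorCode", 0)
        if r.get("appDisplayName") != app_name or code == 0:
            continue  # other app, or a successful sign-in
        cause = CAUSES.get(code, f"other (AADSTS{code})")
        # Name the Conditional Access policies that actually failed the sign-in.
        failed = [p["displayName"]
                  for p in r.get("appliedConditionalAccessPolicies") or []
                  if p.get("result") == "failure"]
        findings[cause].append((r.get("userPrincipalName"), failed))
    return dict(findings)

if __name__ == "__main__":
    for cause, hits in triage(SAMPLE).items():
        print(cause)
        for user, failed in hits:
            print("   ", user, ", ".join(failed))
```

To use it on real data, pass the parsed JSON array from a sign-in log export to `triage` in place of `SAMPLE`.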
Key Takeaways:
Confirm Azure AD consent settings for new applications.
Grant global admin consent for Scispot.
Review conditional access policies.
Verify SSO permissions are correctly configured.
Ensure users are assigned access to Scispot to bypass individual consent requirements.
Following this checklist should help resolve access issues quickly for the Scispot platform.