Issues with the connected account: Approval required or Permissions requested

LMS365 enables the use of many notifications that are triggered by various actions and processes. For LMS365 to be able to send notifications, a connected email account needs to be configured.

In some cases, an email account can't be configured because of issues relating to consent or permissions. This article describes some useful steps you can follow to check the permissions on your tenant and then connect to the appropriate account.

 

NOTE   

Actions described in the article can be performed only by a Microsoft 365 global admin.

 

In this article

 

Checking user and admin consent configurations

If you face an issue when configuring the connected account at course catalog level in the Microsoft 365 Connection Settings, the first step is to check if the user and admin consents to apps are configured for the account in question.

 

 

1. The Microsoft 365 global admin can enable user consent to apps to allow users to provide consent when an app requests access to your organization's data on their behalf. With user consent turned on, everyone from your organization can connect the email account and grant the permissions for the LMS365 app on behalf of your organization.

To manage user consent, navigate to the Microsoft 365 admin center and then follow the steps described here

 

 

2. If user consent is disabled or it doesn't suit your organization's policies, a Microsoft 365 global admin can configure an admin consent flow to specify which users can review admin consent requests.

To configure admin consent, navigate to Azure Active Directory and then follow the steps described here.

 

 

If someone tries to connect the account with the admin consent set, they will see a message that the  admin approval is required to continue. 

 

 

Selecting Request approval will trigger the request for approval to be sent to the admin. Requests for admin consent approval are managed in the Azure Active Directory by approving or denying them.

 

 

Approving the admin consent request will make the account available for connection in the Microsoft 365 Connection Settings.

 

Resetting permissions

In case you don't want to enable any consent flows, or if you followed one of the previous steps in this article but it didn't work, you can reset all permissions and try to connect the account again as a Microsoft 365 global admin.

This can be done in Azure Active Directory > Enterprise applications > LMS365 > Security > Permissions > Review permissions > select 'This application has more permissions than I want'. Follow the recommendation for reviewing permissions granted to apps and resetting them via PowerShell

 

 

After the permissions are reset, you can go back to the LMS365 Admin Center as a global admin and connect the account. You will see a Permissions requested message. By selecting Accept, you (as a global admin) will be able to provide consent on behalf of the organization.

 

TIP   

Checking the Consent on behalf of your organization box will have the effect that the consent is not required again if another account in your organization is connected to LMS365. To allow each connected account to consent individually, we don't recommend you to check this option.

 

After the permissions are granted, if you don't need the global admin's account to be connected, you can disconnect the global admin's account and connect any other account.

 

Was this article helpful?
2 out of 3 found this helpful

Comments

Article is closed for comments.