Solved

AADSTS90094: The grant requires admin permission

  • 6 March 2018
  • 9 replies
  • 66 views
J

Hi,

 

We just modified K2 config to connect from K2 Mobile using AAD credentials using this post:

 

https://help.k2.com/onlinehelp/k2mobile/userguide/current/default.htm#K2Mobile/Configure/UseK2MobAuthAAD.htm

 

Now we can login from the mobile app but then the app show us a screen asking for permisions for K2 for Office365 Mobile:

 

https://help.k2.com/support-services/kbt139601

 

What we have to do to give permissions to this app? It has to be done for every user that uses the app? In the K2 help there is an article to give permissions to K2 for Office 365 app but not one for K2 for Office 365 MOBILE: https://help.k2.com/kb002052

 

Thanks in advance

icon

Best answer by jgua2418 14 March 2018, 11:21

View original

9 replies

A

Hello,


 


Administrators should be able to consent on behalf of the organization. Otherwise, users may need to allow consent on their side of things. 

K
Userlevel 6
Badge +16

Hi,


 


Did you use the Global Admin account for the consent stuff? Could you provide us a bit more details on the error message or the issue?

J

Hi, thanks for your quick answers.

 

The error is exactly this one https://help.k2.com/support-services/kbt139601

 

When a users log in the application, the app redirects to the company's login screen but, then appears another screen asking for constent. From your answers I can asume that if a tenant admin user logs in the app and accepts this consent then the rest of the users won't be prompted about this permisions, is this true?

 

Thanks again

J

Hi,

 

We tried to login with a user with tenant admin permissions and this user accepted the consent.

 

Then when we login with a "normal" user the applications asks again for the consent.

 

What shall we do to accept that for all users?

 

Thanks

K
Userlevel 6
Badge +16

Hi,


 


It sounds like the Admin token is not getting created during the consent or it's still using the old token. Can you check the Token page from Management site for Microsoft Online admin token?(Management > Authentication > Oauth > Tokens). Perhaps, this KB might help (https://help.k2.com/kb002052). If that is still working, then i would suggest logging a support case. I have seen a couple times that this can occur if the K2 App didn't add/trust correctly from App catalog site during the initial setup. We ended up cleaning up the Admin token and redoing the trust thing to get it to work.

J

Hi,

 

In the Managment Site there is a Token but it's the one created during the Sharepoint Online configuration. We reviewed your link but it gives information about the K2 for Office 365 and the app that asks us for permisions is the K2 for Office 365 Mobile, that are different applications true? 

 

Is there a way to create a link con consent admin permissions for K2 for Office 365 Mobile like the one explained in the link for K2 for Office 365?

 

Thanks

K
Userlevel 6
Badge +16

Hi,


 


Sorry about that. Please have a look at the KB


(Scroll down to AAD Authentication Problems section)


https://help.k2.com/kb002030 

J

Hi,

 

Finally with this article https://help.k2.com/support-services/kbt142824 we could accept the consent and now the users can accept the consent.

 

The problem now is that the app seems to be connected to the server but it cannot retrieve anything and show the message "Could not authenticate".

 

We tried both iOS and Android Apps (both android apps too) and all with the same result, in the iOS the app ask to reauthenticate and then it says that username or password are not valid.

 

Any idea?

 

Thanks

J

Hi, 

 

Finally we have mobile with AAD running, the final problem was with UserID parameter, we configured it as *personal details removed* and the correct way is AD tipping (somethink2svc).

 

 

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings