Why is Admin Consent Required?
When an app is registered in Entra ID, it can request permissions to access APIs (like Microsoft Graph, or other APIs protected by Entra ID).
- Some permissions are delegated (app acts on behalf of the signed-in user).
- Some are application (app acts without a user, e.g. background jobs).
Permissions are classified as either:
- Low-impact user consentable (a normal user can accept on their own, e.g., "read your profile").
- High-impact / tenant-wide (only an admin can grant these, because they affect the whole directory or other users’ data).
Admin consent is not always required, but it is when the app needs permissions that ordinary users can’t safely grant, especially for calling Graph API beyond their own data or for app-only access. We use Graph API to fetch the SharePoint files hence we need admin consent.
Granting Admin Consent
- Log in to your Azure Portal account as an Admin user
- After logging in, visit the following URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=2e2f8304-f760-47d5-9c51-0fcc8cce442f&scope=https://graph.microsoft.com/.default&redirect_uri=https://sharepoint.com/auth/callback
- Click the link to view the screen where the app requests Admin consent for necessary access, and click Accept
After clicking Accept you will be redirected back to the callback or home page URL.
Once you complete these steps, you can connect SharePoint from the Loopio platform and generate answers using Loopio.