SSO OAuth v2 (Azure)

I’m experiencing some issues with Single Sign-On (SSO) after transitioning from Global OAuth v1 to Global OAuth v2 (Azure).

While everything works with v1, switching to v2 triggers a “Needs approval” prompt for users every time they attempt to log in. I’ve tried granting approval for the enterprise app multiple times, but the process just loops, endlessly requesting new approvals.

It seems like there might be a missing configuration in the setup for v2.

Error from Azure:

Failure reason
Admin consent is required for the permissions requested by this application. An admin consent request may be sent to the admin.

Does anyone know how to get this working?

I’m not sure what the cause of this is; it seems to be a very limited number of users. The OAuth v1 will continue to be available until it is discontinued by Microsoft.

Did you ever work this out? I’m seeing the same behaviour. Switching to v1 seems OK, but that feels more like a workaround.

I do see some things elsewhere, that:

“it’s possible the app is calling the consent endpoint directly, which is something the app publisher should resolve.”

Now, since I don’t have the ability to modify/see what is in the actual app (that’s the bit running on the Pritunl.com server), I am left to try the current v1 endpoint, which seems fine, but the v2 is... patchy. It works, but I also see the consent request every time (like you describe above).