Microsoft Graph: Selective consent to application-level permissions

So I have an AAD app that requests a number of permissions. I have delegate permissions and application permissions. I want all my customers to use the same app, but then admins should be able to decide which permissions they would prefer to allow.

So for instance I have Calendar.Read and Calendar.ReadWrite application-permission requests on my app. Some admins will only like to consent to Calendar.Read. Is this even possible? As per this documentation

I tried having the customer admin consent to only Calendar.Read using

// Line breaks are for legibility only.
GET https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=http://localhost/myapp/permissions
&scope=https://graph.microsoft.com/calendars.read

I can see in the customer's enterprise applications that Calendar.Read is permitted under the Admin consent tab. Unfortunately it's registered as type Delegate. I need the permission to be of type Application. How do I do this?

As expected, when I try to get a client credentials token, the token has no permissions, so I cannot use the token to make any calls. What am I missing here?
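
A diagnostic for the symptom described in the question, added here as an example (it is not code from the original post or from Microsoft): application permissions appear in an app-only access token's `roles` claim and delegated permissions in `scp`, so decoding the payload shows which kind was actually granted. The tokens are constructed, unsigned samples, the helper names are hypothetical, the permission name follows the scope in the request above, and the signature is not verified.

```python
import base64
import json


def _b64url(data: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(data, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def permission_report(token: str, required_roles: set) -> dict:
    """Compare the application permissions an app-only call needs with the token."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))          # application permissions
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    return {
        "application": sorted(roles),
        "delegated": sorted(scopes),
        "missing": sorted(required_roles - roles),
        "usable_app_only": required_roles <= roles,
    }


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "sig"])


# Constructed samples, not real tokens.
AUD = "https://graph.microsoft.com"
NO_ROLES = make_sample({"aud": AUD, "appid": "app-id-placeholder"})
WITH_ROLE = make_sample({"aud": AUD, "roles": ["Calendars.Read"]})
DELEGATED = make_sample({"aud": AUD, "scp": "Calendars.Read User.Read"})

if __name__ == "__main__":
    for name, tok in (("no roles", NO_ROLES), ("with role", WITH_ROLE),
                      ("delegated only", DELEGATED)):
        print(name, permission_report(tok, {"Calendars.Read"}))
```
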



Solution 1:[1]

There are settings which admins can choose for enabling the admin consent workflow and choose reviewers:

Admin Consent

Please refer to this DOC

For configuring the user consent please refer to this DOC

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Mehtab Siddique