Microsoft SSO Login Approval Requests and How to Fix Them
When accessing the Partner Portal, having received an email invite or link, users may encounter login issues when signing in via Microsoft Single Sign-On (SSO), particularly when Microsoft displays an “Approval Required” prompt. This typically occurs due to permission restrictions or consent policies configured in Azure Active Directory (Azure AD).
This article outlines the reasons behind this approval request and provides steps to resolve it effectively.
Why is Approval Requested?
During user login, the Partner Portal requests access to some Microsoft 365 data and resources such as the user profile and email, which require admin consent within Azure Active Directory (Azure AD). As a result, Microsoft may prompt for admin approval, especially in Azure AD environments with strict consent policies.
Circumstances for approval request:
Admin Consent Is Required for the Application
the Partner Portal may request access to user profile data or Microsoft Graph APIs. If these permissions require admin consent and have not been granted, users will be blocked from logging in.Consent Has Not Been Granted for All Users
Even if an admin has approved the app, the consent may be scoped only to the admin or a specific group. Other users will still see the approval prompt unless tenant-wide consent is configured.Admin Consent Workflow Is Enabled
Some organizations enforce an Admin Consent Workflow, which requires users to request access and wait for an administrator to manually approve the app.Application Permissions Have Changed
If the Partner Portal updates its required permissions, previously granted consent may no longer be valid. This can trigger a new approval request.
Resolution Step
Contact your Azure AD administrator to remove the approval process or to approve the Partner Portal application for organizational use and ensure tenant-wide consent is granted for all users. For more details, refer to Microsoft’s documentation on Admin Consent Workflow.
Related Articles
Microsoft App Registrations: Publisher Verification
As part of creating a brand, app registrations for the Partner portal and Call Manager service are created in the Partner's Microsoft tenant. This allows you to control the branding for these (such as name and logo). It also allows you to verify the ...Access a Customer's Call Manager as a Partner
Partners can access the Call Manager instances for all their customers, both at their Partner level and for all child Partners. Login to admin.yourbrand.com Partner Management portal. Navigate to the appropriate Partner level Select Customers on the ...Partner Management API Integration
The Partner Management portal supports operation via both the UI and underlying API. For those partners that already have their own partner and product management system you may prefer to integrate via API to avoid introducting a new portal. Often ...Adding Resellers (Child Partners)
The Partner Management Portal allows a deep tree of partners. A typical setup is to replicate your business's reseller tree in this portal. Add Reseller / Child Partner Adding a new child partner/reseller is a simple process: Login to ...Create Emergency Locations
Microsoft Teams uses Emergency Locations assigned to each of your users to ensure that precise dispatchable location information is provided for Teams users making emergency calls. View Existing Emergency Locations Navigate to the Emergency Location ...