Admin Consent for Advanced API Access Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a000000abrosa0&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fadmin-consent-for-advanced-api-access-1896506501
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Admin Consent for Advanced API Access
Published: Mar 20, 2018   -   Updated: Jun 22, 2018

 

 

okta-doc-source

Admin Consent for Advanced API Access

Office 365 Admin Consent for Advanced API access

When setting up an Office 365 (O365) app instance, some apps require Okta to have unique access to Office 365 tenants and their users’ information for a successful sign in to their chiclets. The O365 Admin consent for Advanced API Access feature is an optional setting that allows admins to complete the consent flow with O365, a step required for signing into these special O365 chiclets using OAuth based sign on. 

The following apps require this admin consent for Advanced API access:

  • Yammer
  • CRM
  • Teams  

Grant Admin Consent for the First Time

To allow for API access

  1. From the Administrative Dashboard, click the Applications drop-down menu.
  2. From the Applications page, find your Office 365 instance.
  3. Open the Office 365 instance to view its page. 
  4. Click the Sign On tab. 
  5. Under Settings, click the Edit button, and scroll down to the API Credentials section. 
  6. Click the Allow administrator to consent for Advanced API access check box. 
  7. The Authenticate with Microsoft Office 365 button appears.  

admin_consent_1_521x149

  1. A pop-up browser appears, and requires a Microsoft account credential. Sign in as a Global Administrator for your Microsoft tenant.

Note: Only Global Administrator level admins can grant these permissions.  

  1. Read the instructions listed on the Okta Microsoft Graph Client page.

admin_consent_2_286x347

  1. Click the Accept button.   

Note: If the Allow administrator to consent for Advanced API access check box remains checked, but the steps to grant consent from Microsoft are not completed after saving, an error message appears.

admin_consent_3

If this error message appears, you can either complete the process or uncheck the Allow administrator to consent for Advanced API access check box.  

After initial Granting of Admin Consent

Re-authenticate Admin Consent

Re-authentication is required when a new app link requiring OAuth authentication is checked by the admin on the General tab. When an Office 365 app instance is already in use and access has been granted before, the Allow administrator to consent for Advanced API access check box will be checked, but the button displays as Re-authentication with Microsoft Office 365

admin_consent_4

Top