Okta Admins and Users trying to access an application, such as Teams or Forms, may encounter an error message similar to:

Need admin approval
needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it. 

• Microsoft Office 365 (M365 / O365)
• Okta Integration Network (OIN)
• Single Sign-On (SSO)

This occurs for applications that leverage OpenID Connect and/or OAuth 2.0 for sign-in and/or requests to access data within the Microsoft Office 365 Tenant where user consent has not been provided. User consent to apps must be provided within the Microsoft 365 Admin Center, outside the Okta Admin Dashboard.
 

To resolve this issue, user consent to apps must be enabled in Microsoft, and Advanced API Access must be enabled in Okta.

Here is how to enable the Advanced API Access option for users in Okta: 

1. Sign in to the Okta Admin Console.
2. Open the Office365 app settings.
3. Scroll down in the Sign On tab > enable the Advanced API Access option and Authenticate with Microsoft Office365 > give consent.
4. Select Save to save the settings.

Here is how to change User consent to apps in Microsoft:

1. Sign in to the Microsoft Entra admin center as a Privileged Role Administrator;
2. Browse to Identity > Applications > Enterprise applications > Consent and permissions > User consent settings.
3. Under User consent for applications, select the desired consent setting that should be configured for all users.
4. Select Save to save the settings. 

If Microsoft Office 365 Admins encounter issues enabling user consent for apps, please contact Microsoft Support for further assistance. 

Related References

• Provide Microsoft admin consent for Okta
• Managing user consent to apps in Microsoft 365
• Configure how users consent to applications