I have an Excel plugin, which use Azure AD (ADAL) for authentication. I have made a second copy of the app and the needed changes in Azure AD. All user can use the first app. The second app I am the only one who can logon. They have the same rights like in the first app. What Azure give as error on logon is:
Error Code: 90094
Error reason: Other
I cannot find information for this error. What is returned to user is "Admin have to give privileges to this app". But the privileges are given. The same like in the first app.
Do you have any information for this error code?
P.S. What I found is, that this is connected with required permissions from the app. If I add an user, who is a Global Administrator in Azure AD, after logon comes a window "The app needs permission to: ... (Accept,Cancel)" and after that he can use the app, even if he is changed to normal user. If the user is normal Azure AD user, this windows does not appear and he is rejected with the error 90094. The same happens with an user, who is Limited Administrator and it does not matter what for admin role he has.
2 Answers
Answers 1
I have run into a case like this where the ability for users to grant programs privileges was removed globally in Azure AD. Since they already accepted the first program they are fine but cannot accept any other ones.
Can a new user access the first program?
Answers 2
Check the database and see if the user really has any role associated to it.
If that's the case, make sure it is well written.
If it's well written, make sure that exact role has the right permissions to access it.
0 comments:
Post a Comment