Created a simple test application which asks the user to do an Entra ID login and, once the user logs in, shows his/her display name and role, using Streamlit and Python.
Message we are getting:
Please allow me to share more details about the settings as below:
In Entra ID, did the app registration and added the API permissions as below
Let me share the enterprise application's settings:
With the above settings also, we are still getting the admin consent popup in the customer's environment. As per the beautiful answer provided here: now have a few basic questions as below
To avoid requiring the admin consent you have to either grant admin consent to the Microsoft Entra ID application or configure user consent in the tenant.
User.Read in the Permission Classification blade. Hence, to resolve the issue, go to Azure Portal -> Enterprise application -> Consent and permissions -> User consent settings -> enable the option Allow user consent for apps -> Save
Now the user will be able to consent:
If the application resides in one tenant and user resides in another tenant, then the setting must be made in the tenant where the user resides.
Reference:
Admin consent for applications with permissions like User.Read or Notes.ReadWrite.All? : r/AZURE
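The portal steps in the answer above can also be checked and applied with the Microsoft Graph PowerShell SDK. This is an added example, not code from the question or the answer; it assumes the Microsoft.Graph module is installed, that you are signed in to the tenant where the users reside (as the answer notes), and that the "Allow user consent for apps" option corresponds to the built-in grant policy `ManagePermissionGrantsForSelf.microsoft-user-default-legacy` (an assumption stated here, not on the page).

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph module.
# Policy.ReadWrite.Authorization is needed to change the tenant-wide user consent setting.
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization"

# 1. Read the current user consent setting before changing anything.
$policy  = Get-MgPolicyAuthorizationPolicy
$current = $policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
Write-Host "Current user consent grant policies: $($current -join ', ')"

# An empty list means "Do not allow user consent": every app, even one that only
# asks for User.Read, triggers the admin consent prompt the question describes.
if (-not $current) {
    Write-Host "User consent is currently disabled in this tenant."
}

# 2. Enable "Allow user consent for apps" (assumption: maps to the legacy built-in policy).
#    The less permissive alternative used in the docs is
#    "ManagePermissionGrantsForSelf.microsoft-user-default-low"
#    (verified publishers, permissions classified as low impact only).
$desired = @("ManagePermissionGrantsForSelf.microsoft-user-default-legacy")
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    PermissionGrantPoliciesAssigned = $desired
}

# 3. Read back and verify the change actually took effect.
$after = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
if ($after -contains $desired[0]) {
    Write-Host "User consent for apps is now enabled; users can consent to User.Read themselves."
} else {
    Write-Warning "Setting not applied as expected: $($after -join ', ')"
}
```

Run this in the customer's (user's) tenant, not in the tenant that hosts the app registration, since the answer points out that the consent setting lives where the user resides.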