MS need admin approval workaround

n8n-io · Jan 16, 2025 · 6cec641 · 6cec641
1 parent f7ec1f4
commit 6cec641
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/_snippets/integrations/builtin/credentials/microsoft-need-admin-approval.md b/_snippets/integrations/builtin/credentials/microsoft-need-admin-approval.md
@@ -0,0 +1,7 @@
+### Need admin approval
+
+When attempting to add credentials for a Microsoft360 or Microsoft Entra account, users may see a message when following the procedure that this action requires admin approval.
+
+This message will appear when the account attempting to grant permissions for the credential is managed by a Microsoft Entra. In order for the credential to be issued, the administrator account needs to grant permission to the user (or "tenant") for that application.
+
+The procedure for this is covered in the [Microsoft Entra documentation](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent).
diff --git a/docs/integrations/builtin/credentials/microsoft.md b/docs/integrations/builtin/credentials/microsoft.md
@@ -22,6 +22,7 @@ You can use these credentials to authenticate the following nodes:
 
 - Create a [Microsoft Azure](https://azure.microsoft.com/){:target=_blank .external-link} account.
 - Create at least one user account with access to the appropriate service.
+- If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the [Microsoft Entra documentation](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent)).
 
 ## Supported authentication methods
 
@@ -116,3 +117,9 @@ Outlook OAuth2 supports the credential accessing a user's primary email inbox or
 SharePoint OAuth2 requires information about your SharePoint **Subdomain**.
 
 To complete the credential, enter the **Subdomain** part of your SharePoint URL. For example, if your SharePoint URL is `https://tenant123.sharepoint.com`, the subdomain is `tenant123`.
+
+## Common issues
+
+Here are the known common errors and issues with Microsoft OAuth2 credentials.
+
+--8<-- "_snippets/integrations/builtin/credentials/microsoft-need-admin-approval.md"
diff --git a/docs/integrations/builtin/credentials/microsoftentra.md b/docs/integrations/builtin/credentials/microsoftentra.md
@@ -10,7 +10,8 @@ description: Documentation for the Microsoft Entra ID credentials. Use these cre
 
 ## Prerequisites
 
-Create a Microsoft Entra ID account or subscription.
+- Create a Microsoft Entra ID account or subscription.
+- If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the [Microsoft Entra documentation](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent)).
 
 Microsoft includes an Entra ID free plan when you create a [Microsoft Azure](https://azure.microsoft.com/){:target=_blank .external-link} account.
 
@@ -66,3 +67,9 @@ With your application created, generate a client secret for it:
 1. Log in to your Microsoft account and allow the app to access your info.
 
 Refer to Microsoft's [Add credentials](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#add-credentials){:target=_blank .external-link} for more information on adding a client secret.
+
+## Common issues
+
+Here are the known common errors and issues with Microsoft Entra credentials.
+
+--8<-- "_snippets/integrations/builtin/credentials/microsoft-need-admin-approval.md"