How-to: Qlik Application Automation connectors to Office 365 require Admin Consent

In Qlik Application Automation when trying to connect a connector of the Office 365 suite, some users will experience the following message during the authentication flow:

This error can show up for the Microsoft Teams, Microsoft Onedrive, Microsoft Sharepoint and Microsoft Excel connectors and depends on your Office 365 tenant. This article explains different methods on how to allow users to make a connector from Qlik Application Automation.

When an Azure admin navigates to the Consent and Permissions page inside Enterprise Applications, the following will be visible:

Admin Consent Request Workflow

If the option Do not allow user consent is selected, the only way to get the Microsoft connectors in Qlik Application Automation working is by enabling the Admin Consent Request workflow. To do this, the admin needs to navigate to Admin consent settings and enable the request box and assign reviewers for each request justification:

When a user now creates a connection, they will be asked to provide a justification. This request will be sent to the Azure Administrators of the tenant:

When this request is submitted, the reviewers of the request should now see the request:

The reviewer can review the request which takes the reviewer to the consent screen with the option to allow access for the organization. This will install an enterprise application in the Azure tenant of the user.

Classifying low impact permissions

An alternative option is if the Azure tenant selected the option Allow User Consent from verified publishers for selected permissions. 

When this option is chosen, an Azure administrator of the tenant can head to the Permission Classifications page:

The following scopes will have to be classified as low impact for the different connectors:

Microsoft Teams/Sharepoint ( with admin consent )

This connector will always require admin consent and these scopes cannot be classified as being low impact.