Skip to main content
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT

How-to: Qlik Application Automation connectors to Office 365 require Admin Consent

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
MarkGeurtsen
Support
Support

How-to: Qlik Application Automation connectors to Office 365 require Admin Consent

Last Update:

May 10, 2022 1:43:00 PM

Updated By:

Jamie_Gregory

Created date:

Oct 14, 2021 9:49:48 AM

In Qlik Application Automation when trying to connect a connector of the Office 365 suite, some users will experience the following message during the authentication flow:

MarkGeurtsen_0-1634219199976.png

 

This error can show up for the Microsoft Teams, Microsoft Onedrive, Microsoft Sharepoint and Microsoft Excel connectors and depends on your Office 365 tenant. This setting can be found in the Azure Active Directory portal underneath User Content Settings. Direct Link: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/UserSettings

Most organizations will have selected the option to Allow User Consent from verified publishers for selected permissions. To make use of the connectors some permissions will have to be classified as low impact. These classifications can be done on the page Permission classifications. Direct Link: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/Permissions

The following scopes will have to be classified as low impact for the different connectors:

Microsoft Teams

  • User.Read
  • profile
  • openid
  • Team.ReadBasic.All
  • email
  • offline_access
  • ChannelMessage.Send
  • Channel.ReadBasic.All


Microsoft Sharepoint

  • Files.Read.All
  • Files.ReadWrite.All
  • Sites.Read.All
  • Sites.Manage.All
  • Sites.ReadWrite.All
  • offline_access
  • User.Read

Microsoft Onedrive

  • Files.ReadWrite.All
  • User.Read
  • offline_access

Microsoft Excel

  • Files.ReadWrite.All
  • User.Read
  • offline_access

 

To allow users access to all the team scopes, the permission classification page would look the following:

MarkGeurtsen_1-1634219374949.png


Microsoft Teams ( with admin consent )

This connector will always require admin consent and these scopes cannot be classified as being low impact.

Labels (1)
Contributors
Version history
Last update:
‎2022-05-10 01:43 PM
Updated by: