C# Azure AD and Angular Azure AD - one needs admin account


I'm trying to create a PoC application set, WebApi with an Angular (other or variant frontend), using Azure AD to authenticate my Federation users.

I've got the backend working fine, with authentication/MFA working as expected, and showing sign-in prompts.


I can get the login screen to pop up (and with the correct tenant), however when I try to sign in, I get an admin-access required - am I requesting too much scope?


This is my app.module.ts code from the sample, where

import { BrowserModule } from '@angular/platform-browser';
import { NgModule } from '@angular/core';

import { AppComponent } from './app.component';
import { LoginComponent } from './partials/login/login.component';
import { MsalModule, MsalInterceptor } from '@azure/msal-angular';
import { HTTP_INTERCEPTORS } from '@angular/common/http';
import { AppRoutingModule } from './app-routing.module';

@NgModule({
  declarations: [
    AppComponent,
    LoginComponent
  ],
  imports: [
    MsalModule.forRoot({
      clientID: "my-client-id",
      authority: "https://login.microsoftonline.com/my-tenant-id",
      redirectUri: "http://localhost:4200/",
      validateAuthority : false,
      cacheLocation : "sessionStorage",
      storeAuthStateInCookie: false, // dynamically set to true when IE11
      postLogoutRedirectUri: "http://localhost:4200/",
      navigateToLoginRequestUrl : true,
      popUp: false,
    }),
    BrowserModule,
    AppRoutingModule,
  ],
  providers: [{
    provide: HTTP_INTERCEPTORS,
    useClass: MsalInterceptor,
    multi: true
  }
  ],
  bootstrap: [AppComponent]
})
export class AppModule { }

Please check if your Azure AD app has any permissions which require admin consent on Azure portal:


If yes, please click on the "Grant admin consent for **" at the bottom.

If no, go to Admin Centers > Azure AD > Users > User Settings > Enterprise applications - User settings then make sure "Users can consent to apps accessing company data on their behalf" is enabled.

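The two portal checks in the answer, done with the Azure CLI instead, as an added example that is not part of the original question or answer. It assumes `az login` has been run as a tenant administrator, that `APP_ID` is the application (client) ID of the app registration, and that the policy names matched in `interpret_user_consent` correspond to the tenant's user-consent setting (my reading of the Microsoft Graph authorization policy; the `interpret_user_consent` helper is a hypothetical name).

```shell
#!/usr/bin/env sh
# Added example, not code from the question or the answer. Assumes `az login` was
# run as a tenant admin and APP_ID holds the app registration's application (client) ID.

# 1) List the permissions the app registration requests. Anything beyond a basic
#    delegated scope such as User.Read may require admin consent, which is what
#    produces the "Need admin approval" prompt the question describes.
list_requested_permissions() {
  az ad app permission list --id "$1" -o table
}

# 2) Grant tenant-wide admin consent for the requested permissions
#    (the CLI equivalent of the portal's "Grant admin consent for <tenant>" button).
grant_admin_consent() {
  az ad app permission admin-consent --id "$1"
}

# 3) Read the tenant's user-consent setting. The portal toggle "Users can consent
#    to apps accessing company data on their behalf" is stored as the permission
#    grant policies assigned to the default user role.
user_consent_policies() {
  az rest --method GET \
    --url "https://graph.microsoft.com/v1.0/policies/authorizationPolicy" \
    --query "defaultUserRolePermissions.permissionGrantPoliciesAssigned" -o tsv
}

# Pure helper (hypothetical name): interpret the policy list without calling Azure,
# so it can be checked offline. Assumed mapping:
#   ...-legacy   -> users may consent to any app (the "enabled" case in the answer)
#   ...-low      -> users may consent only to low-risk apps from verified publishers
#   neither      -> only admins may consent
interpret_user_consent() {
  case "$1" in
    *ManagePermissionGrantsForSelf.microsoft-user-default-legacy*) echo "enabled" ;;
    *ManagePermissionGrantsForSelf.microsoft-user-default-low*)    echo "low-risk-only" ;;
    *) echo "disabled" ;;
  esac
}

# Combine 3) with the helper to report the live tenant setting.
check_tenant_user_consent() {
  interpret_user_consent "$(user_consent_policies)"
}
```

Run `list_requested_permissions "$APP_ID"` first; if nothing beyond basic delegated scopes is listed and `check_tenant_user_consent` prints `disabled`, the prompt comes from the tenant setting rather than the app's scopes.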