BenV

Reputation: 12452

AADSTS90093 when signed in as Global Admin

I'm trying to do the initial consent for an application registered in Azure AD that requires access to read directory data. I've activated my Global Admin role in Privileged Identity Management and hit the following URL in a new browser window.

https://login.microsoftonline.com/mytenant.onmicrosoft.com/oauth2/authorize?client_id=xxx&response_type=code&prompt=admin_consent&redirectUri=xxx

I'm getting the AAD error page saying I need to be an admin:

Additional technical information:
Correlation ID: 41ab9f3d-7430-4c46-aff4-a28e7f5398c2
Timestamp: 2016-05-12 15:03:27Z
AADSTS90093: This operation can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators.

Why doesn't it recognize me as an admin?

Upvotes: 1

Views: 220

Answers (1)

Mark Wahl

Reputation: 66

There was a delay between the role assignment and when the application consent experience recognized the change. While a user may appear in their new role both in the Azure AD PIM experience as well as in the Azure management portal, the consent page required either 10-15 minutes, or for the user to sign in again, to recognize the new role assignments.

Upvotes: 3
