Grant tenant-wide admin consent

Last updated 8 months ago


You have to do the admin consent before using KONNEKT with regular users.

Background

KONNEKT is an application that interacts with several Microsoft 365 APIs. It therefore needs permission to do so in each Microsoft 365 tenant that KONNEKT wants to connect to. One level of this permission (but not the only one) is the Enterprise App Consent in Microsoft Entra ID (Azure AD). This is a major advantage over legacy approaches such as network- or proxy-based access controls for client types, since it works everywhere and allows very granular permissions.

The admin consent for KONNEKT is for "delegated access" only (please see Microsoft docs for more details on permissions and consent). This basically means that users in this tenant are allowed to use this app to access the requested M365 services/APIs. It does not enable the app to access them without the user.

KONNEKT requests the following permissions to be consented:

| API Name | Claim value | Permission |
| --- | --- | --- |
| Microsoft Graph | User.Read | Sign in and read user profile |
| Office 365 SharePoint Online | AllSites.Write | Read and write items in all site collections |
| Office 365 SharePoint Online | MyFiles.Write | Read and write user files |
| Windows Azure Active Directory | Directory.AccessAsUser.All | Access the directory as the signed-in user |
| Windows Azure Active Directory | User.Read | Sign in and read user profile |

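Since some of the permissions require consent by an admin, you have to do the admin consent before using KONNEKT with regular users.

You can learn more about managing consent to applications and evaluate consent requests in the Microsoft docs.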

Add KONNEKT permissions in Microsoft Entra ID (Azure AD) Enterprise Applications

As an admin (or with a role that allows granting admin consent), you can grant tenant-wide admin consent to KONNEKT by using the following "Magic URL":

App registration URL for KONNEKT version 2.9.1 and below:

https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=fbaaaa6a-1ad0-4ac5-9c4c-4ce9353dc6cf

App registration URL for KONNEKT version 2.10 and later:

https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=11fa31bb-2024-4f49-8b38-f458d596a81a

For this you need your tenant-id, which you get from the Azure Portal under Azure Active Directory.

Don't forget to delete the {} from the link.

After that:

  1. Open the link.

  2. Log in using your admin account (or an account with a role that allows granting admin consent).

  3. Accept the KONNEKT permissions request.

  4. Done!

If you get Page Not Found after accepting the consent, please ignore it. It has no meaning here.
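The URL construction described above, as an added example (not code from KONNEKT or Microsoft): it picks the client ID by KONNEKT version, strips the {} placeholder braces and rejects anything that is not a GUID. Accepting only GUID tenant IDs and refusing versions between 2.9.1 and 2.10 are assumptions of this example; the function names are hypothetical.

```python
import re
import uuid

# Client IDs as listed on this page for the two app registrations.
CLIENT_ID_LEGACY = "fbaaaa6a-1ad0-4ac5-9c4c-4ce9353dc6cf"   # KONNEKT 2.9.1 and below
CLIENT_ID_CURRENT = "11fa31bb-2024-4f49-8b38-f458d596a81a"  # KONNEKT 2.10 and later


def parse_version(text):
    """Turn '2.10' or '2.9.1' into a tuple of ints so 2.10 sorts after 2.9.1."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted version number: {text!r}")
    return tuple(int(part) for part in text.split("."))


def client_id_for(version):
    v = parse_version(version)
    if v <= (2, 9, 1):
        return CLIENT_ID_LEGACY
    if v >= (2, 10):
        return CLIENT_ID_CURRENT
    # The page does not say which registration applies between 2.9.1 and 2.10.
    raise ValueError(f"page does not cover KONNEKT version {version}")


def normalize_tenant_id(raw):
    """Strip the {} placeholder braces and require a GUID (assumption of this example)."""
    candidate = raw.strip().strip("{}").strip()
    try:
        return str(uuid.UUID(candidate))
    except ValueError:
        raise ValueError(f"tenant-id is not a GUID: {raw!r}") from None


def admin_consent_url(tenant_id, konnekt_version):
    tenant = normalize_tenant_id(tenant_id)
    return (f"https://login.microsoftonline.com/{tenant}"
            f"/adminconsent?client_id={client_id_for(konnekt_version)}")


if __name__ == "__main__":
    # Constructed tenant ID, for illustration only.
    print(admin_consent_url("{00000000-1111-2222-3333-444444444444}", "2.10"))
```

Comparing versions as integer tuples matters here: as plain strings, "2.10" sorts before "2.9.1" and would select the older app registration.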

To check the KONNEKT permissions, look in your Azure Active Directory under Enterprise applications -> Permissions.
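The same check can be scripted against an export of the app's grants. The following is an added example, not code from KONNEKT or Microsoft: it compares Microsoft Graph oauth2PermissionGrant objects with the permission table on this page and reports missing scopes, extra scopes, per-user grants and any application permissions. The sample grants, the placeholder resource IDs and the function name are constructed for illustration.

```python
# Delegated scopes KONNEKT requests, copied from the table on this page.
EXPECTED = {
    "Microsoft Graph": {"User.Read"},
    "Office 365 SharePoint Online": {"AllSites.Write", "MyFiles.Write"},
    "Windows Azure Active Directory": {"Directory.AccessAsUser.All", "User.Read"},
}

def audit_consent(grants, resource_names, app_role_assignments=()):
    """Compare exported grants for the KONNEKT app with the page's table.

    grants: Microsoft Graph oauth2PermissionGrant objects (delegated grants);
            fields used are consentType, resourceId and scope.
    resource_names: resourceId -> API display name, resolved by the caller.
    app_role_assignments: application (app-only) permissions of the app; the
            page says consent is delegated only, so any entry is reported.
    """
    granted, per_user = {}, []
    for g in grants:
        api = resource_names.get(g["resourceId"], g["resourceId"])
        scopes = set((g.get("scope") or "").split())  # scope is space-separated
        if g.get("consentType") == "AllPrincipals":   # tenant-wide admin consent
            granted.setdefault(api, set()).update(scopes)
        else:                                         # consent for one user only
            per_user.append((api, sorted(scopes)))
    missing, unexpected = {}, {}
    for api in sorted(set(EXPECTED) | set(granted)):
        want, have = EXPECTED.get(api, set()), granted.get(api, set())
        if want - have:
            missing[api] = sorted(want - have)
        if have - want:
            unexpected[api] = sorted(have - want)
    return {"missing": missing, "unexpected": unexpected,
            "per_user_grants": per_user,
            "application_permissions": list(app_role_assignments)}

# Constructed sample export; the resource IDs are placeholders, not real IDs.
SAMPLE_NAMES = {"res-graph": "Microsoft Graph",
                "res-spo": "Office 365 SharePoint Online",
                "res-aad": "Windows Azure Active Directory"}
SAMPLE_GRANTS = [
    {"consentType": "AllPrincipals", "resourceId": "res-graph", "scope": "User.Read"},
    {"consentType": "AllPrincipals", "resourceId": "res-spo",
     "scope": "AllSites.Write MyFiles.Write AllSites.FullControl"},
    {"consentType": "AllPrincipals", "resourceId": "res-aad", "scope": "User.Read"},
]

if __name__ == "__main__":
    for key, value in audit_consent(SAMPLE_GRANTS, SAMPLE_NAMES).items():
        print(f"{key}: {value}")
```

An empty result in all four fields means the tenant-wide grant matches the table exactly; anything under `unexpected` or `application_permissions` goes beyond what this page says KONNEKT requests.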

Delete KONNEKT permissions from Microsoft Entra ID (Azure AD) Enterprise Applications

In case you want to remove the admin consent for KONNEKT, please follow these steps:

  1. Sign in to the Azure portal with a role that allows deleting admin consent.

  2. Select Azure Active Directory then Enterprise applications.

  3. Look for Konnekt and click on it.

  4. Select Properties.

  5. Select Delete, and confirm the deletion.

For more info about admin consent, visit MS.Docs.