How Do I Let an Application Authenticate with Windows Azure Active Directory?

Symptoms

When a user signs in to an AgilePoint NX application in Windows Azure Active Directory that gets or refreshes an access token for a Windows Azure Active Directory user ID, this error appears on the Microsoft sign-in screen:

AADSTS90093: AgilePoint Portal Prod is requesting permissions, which you are not authorized to grant. Contact your administrator, who can grant permissions to this application on your behalf.

Cause

You did not request permission for your application in the Windows Azure Active Directory portal. This usually happens when you manually register the application in the Windows Azure Active Directory portal, rather than going through the admin consent flow.

Resolution

  1. Sign in to the Windows Azure Active Directory portal as an administrator.
  2. Go to the registered Windows Azure Active Directory application, and click the Grant Permission button.
  3. Select these permissions:
    • Sign in and read user profile
    • Read all users’ full profiles
    • Read directory data
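
One way to confirm the grant took effect, as an added example that is not AgilePoint or Microsoft code: it decodes the `scp` claim of an access token issued to the application and reports which of the three permissions are missing and which scopes beyond them were granted. The scope values `User.Read`, `User.Read.All` and `Directory.Read.All` are assumed mappings of the display names above, and the token and helper names are constructed for illustration.

```python
import base64
import json
import re

# Assumed scope values for the three permissions listed in the resolution
# steps (scope value -> display name); confirm them against your tenant.
REQUIRED_SCOPES = {
    "User.Read": "Sign in and read user profile",
    "User.Read.All": "Read all users' full profiles",
    "Directory.Read.All": "Read directory data",
}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_scopes(token):
    """Return (missing, extra) delegated scopes relative to REQUIRED_SCOPES."""
    granted = set(jwt_claims(token).get("scp", "").split())  # space-separated
    required = set(REQUIRED_SCOPES)
    return sorted(required - granted), sorted(granted - required)


def aadsts_code(error_description):
    """Extract the AADSTS code from a sign-in error message, or None."""
    match = re.match(r"\s*(AADSTS\d+)", error_description or "")
    return match.group(1) if match else None


def make_sample_token(scp):
    """Build an unsigned, constructed token carrying only an scp claim."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scp": scp}), "sig"])


if __name__ == "__main__":
    missing, extra = audit_scopes(make_sample_token("User.Read Directory.Read.All"))
    for scope in missing:
        print("not granted:", scope, "(" + REQUIRED_SCOPES[scope] + ")")
    for scope in extra:
        print("granted beyond the listed permissions:", scope)
```

An empty `missing` list means the three permissions are present in the token; anything in `extra` is worth reviewing, since the application was granted more than this procedure calls for.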