How Do I Let an Application Authenticate with Microsoft Azure Active Directory?

Symptoms

When a user signs in to an AgilePoint NX application in Microsoft Azure Active Directory that gets or refreshes an access token for a Microsoft Azure Active Directory user ID, this error appears on the Microsoft sign-in screen:

AADSTS90093: AgilePoint Portal Prod is requesting permissions, which you are not authorized to grant. Contact your administrator, who can grant permissions to this application on your behalf.

Cause

You did not request permission for your application in the Microsoft Azure Active Directory portal. This usually happens when you manually register the application in the Microsoft Azure Active Directory portal, rather than going through the admin consent flow.

Resolution

  1. Sign in to the Microsoft Azure Active Directory portal as an administrator.
  2. Go to the registered Microsoft Azure Active Directory application, and click the Grant Permission button.
  3. Select these permissions:
    • Sign in and read user profile
    • Read all users’ full profiles
    • Read directory data
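
To confirm the result of these steps, the following added example (not AgilePoint or Microsoft code) reads a listing of the tenant's OAuth2 permission grants and reports which of the three permissions still lack tenant-wide consent for the application. The scope values mapped to the display names, the service principal IDs and the sample JSON are assumptions: the page gives only display names, and the sample data is constructed.

```python
import json

# Display names from the Resolution steps, mapped to delegated scope values
# (assumption: the page lists only the display names).
REQUIRED_SCOPES = {
    "Sign in and read user profile": "User.Read",
    "Read all users' full profiles": "User.Read.All",
    "Read directory data": "Directory.Read.All",
}

# Constructed sample of an oauth2PermissionGrants listing; all IDs are placeholders.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"clientId": "sp-agilepoint-placeholder", "consentType": "Principal",
   "principalId": "user-1-placeholder", "resourceId": "sp-api-placeholder",
   "scope": "User.Read User.Read.All Directory.Read.All"},
  {"clientId": "sp-agilepoint-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-api-placeholder",
   "scope": " User.Read  user.read.all"},
  {"clientId": "sp-other-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-api-placeholder",
   "scope": "Directory.Read.All"}
]}
""")


def tenant_wide_scopes(grants, client_sp_id):
    """Scopes granted to client_sp_id on behalf of every user (admin consent)."""
    granted = set()
    for grant in grants.get("value", []):
        if grant.get("clientId") != client_sp_id:
            continue  # grant belongs to a different application
        if grant.get("consentType") != "AllPrincipals":
            continue  # one user's consent does not cover other users
        # scope is a space-separated string; tolerate extra spaces and case
        granted.update(s.lower() for s in (grant.get("scope") or "").split())
    return granted


def missing_permissions(grants, client_sp_id):
    """Display names from the article that still lack tenant-wide consent."""
    granted = tenant_wide_scopes(grants, client_sp_id)
    return sorted(name for name, scope in REQUIRED_SCOPES.items()
                  if scope.lower() not in granted)


if __name__ == "__main__":
    for name in missing_permissions(SAMPLE_GRANTS, "sp-agilepoint-placeholder"):
        print("No tenant-wide consent yet:", name)
```

In the constructed sample, one user has consented to all three scopes, but the tenant-wide grant omits Directory.Read.All, so other users would still see the consent error.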