What is user / admin consent?
Valotalive applications that integrate with Microsoft’s business applications (such as Power BI, PowerPoint or others.) use OAuth to securely connect Valotalive with them. OAuth requires user consent to read the app’s data.
Usually companies govern OAuth app consent in Azure AD.
Typically the authentication process requires the admin to approve the Enterprise application first, before the user can authenticate.
Authenticating Valotalive with Microsoft Business Applications
The authentication procedure can vary depending on your organization policies for governing the OAuth app consent in Azure AD.
Either 1. The user initiated procedure or 2. Admin initiated procedure can be used for authentication. We'll cover both below.
1. The user initiated procedure
The user, who already has a Valotalive account, begins to activate a Microsoft related app in Valotalive. One of the first steps they run into is the authentication as shown below (activating Power BI app as an example).
When clicking the AUTHORIZE button to authorize Valotalive with the selected Microsoft account, the user might run into the following prompt stating that the admin review is needed.
You can send your admin a request for the review here. Type in comments as justification for the application to let the admin know what the app is for:
Note! You may also be prompted Need admin approval.
In this situation the Azure Admin in your company needs to consent requests on the Azure site. By setting up the request process the AD user can make the request as shown above.
Read more from Learn.microsoft.com site:
Admin notification & approval for the request
The Azure AD admin is notified about the request via email as shown in this example:
Once the admin clicks the Review request button, they will be taken to the Azure AD Admin Consent Requests page.
Admins can view the permissions that the app is using and consent by clicking the Review permissions and consent button.
User is notified and can proceed.
After the user is notified about the admin consent via email, they can proceed and authorize the application in Valotalive.
2. The Admin initiated procedure
The admin initiated procedure can begin in Azure AD by searching for the specific Valotalive application.
Azure AD Gallery (link) is the place where third party integrations are listed and managed.
Azure Admin grants permissions in the Azure AD
Navigate to the Azure Active Directory
--> Enterprise Applications and click + New Application to access Azure AD GallerySearch for Valotalive to locate Valotalive applications in the Azure AD App Gallery:
Click the application in question to open its information page and click the blue button to follow to the Valotalive login page.
Azure Admin grants permissions via the Valotalive Apps page
Go to the Valotalive Dashboard: https://dashboard.valota.live/
Click Create an account if you do not have an account before.
The Azure AD admin account is needed only for the admin to grant admin consent.Login to Valota.live
Choose the appropriate App by clicking icon of the App.
Continue by clicking Choose this app
Click Authorize
You will be taken to the Microsoft login window.
Note! Make sure you are not logged into Microsoft applications with any other credentials on your browser in other tabs.
Important! Sign in with the Azure AD Admin account credentials.When Azure AD Admin authorizes a prompt of Permissions requested will be shown
Consent on behalf of your organization
IMPORTANT!
When authorizing you can check the box Consent on behalf of your organization which will allow the additional Valotalive users to authenticate similar Valotalive application as well.
Authorization successful prompt is shown in Valotalive.
Once the authorization is successful Azure Enterprise application page should have listed the authorized application in the directory.
If the Consent on behalf of your organization Consent on behalf of your organization was approved any further Valotalive users should have access to their personal files /applications via Valotalive; i.e. allow Valotalive to fetch the given information to the info screens.
Other Valotalive users can start activating similar Valotalive Apps.
Repeat with different type of Valotalive App for Microsoft if needed.
Azure AD Admin can now log out from Valotalive.
Read more about what permissions Valotalive will ask for the Microsoft Apps: