How to authorize app in tenants after GDAP migration? #1385
Replies: 2 comments
-
|
I have the same concern, using the GDAP Migration tool works great, and I have configured role groups to add to the security functionality. Once I started cleaning up, and removing DAP relationships I start to get errors saying that the CIPP app is not consented to. Is there no way to make CIPP work with GDAP relationships? or do we require DAP and GDAP for CIPP to function? PS: I have added the CIPP-SAM to the groups required in the documentation, and manually assigned the "recommended roles" for GDAP |
Beta Was this translation helpful? Give feedback.
-
You don't need to authorize the app, CIPP uses CPV consent and does this automatically weekly. You can hit the refresh permissions button to perform it manually in the settings -> Tenant menu. The CIPP-SAM application also should not be added to any groups, but the user you've used to approve the application does. You can find this user by performing a permissions check and clicking the details button. |
Beta Was this translation helpful? Give feedback.
-
Hi there.
I've come across an issue when authorising the CIPP SAM app using either the links generated within CIPP, or those I can see recommended elsewhere.
Link format:
https://login.microsoftonline.com/{TenantID}/v2.0/adminconsent?client_id={AppID}
Error message:
"AADSTS900144: The request body must contain the following parameter: 'scope'."
Removing v2.0 from the URI attempts sign-in but hangs.
I appreciate the GDAP migration tool isn't actively supported, however, this could pose an issue in the future once DAP is fully depracated.
How are others currently authorising the app without relying on DAP?
Beta Was this translation helpful? Give feedback.
All reactions