I have an Excel plugin which uses Azure AD (ADAL) for authentication. I have made a second copy of the app and the needed changes in Azure AD. All users can use the first app. In the second app, I am the only one who can log in. They have the same rights as in the first app. What Azure gives as the error on login is:
Error Code: 90094
Error reason: Other
I cannot find information for this error. What is returned to the user is "Admin have to give privileges to this app". But the privileges are given, the same as in the first app.
Do you have any information for this error code?
P.S. What I found is that this is connected with required permissions from the app. If I add a user who is a Global Administrator in Azure AD, after logon a window appears, "The app needs permission to: ... (Accept, Cancel)", and after that he can use the app, even if he is changed to a normal user. If the user is a normal Azure AD user, this window does not appear and he is rejected with the error 90094. The same happens with a user who is a Limited Administrator, and it does not matter which admin role he has.
P.S. 2
On my support request, Microsoft support did not tell me what this error means ("This is a custom application and there is no info about this error. There would be info if this was an enterprise application").
After deleting the app registration and making it again, the problem no longer occurs. And I cannot reproduce it (I have tried hard :) ). And if you give me an answer, I cannot prove it. So you can consider this question closed.
Some of you may have been developing an application that integrates with Azure AD, and hit this screen: In the tiny text at the bottom you can find this error code: AADSTS90094: The grant requires admin permission. Note that this article is based on Azure AD v1.
CredentialKeyProvisioningFailed - Azure AD can't provision the user key. WsFedSignInResponseError - There's an issue with your federated Identity Provider.
In the above error, the message states that the application can only be accessed from devices or client applications that meet the company's mobile device management policy. In this case, the application and device do not meet that policy. Azure AD sign-in events
I had a similar problem where the error occurred if anybody other than a Global Administrator was the one that created the AAD app registration. It came down to a subtle difference in the way Azure AD sets permissions for the application based on who sets the application permissions in the old Management Portal. I don't know if they have this problem in the new Resource Manager portal, or if it's even the same case as what you're encountering without more information.