- ISSUE BACKGROUND
- You configured Azure Active Directory mode integration, discovered the users, and sent invitations.
- However, when enrolling in the Mobile Security as a Service application from the agent, after logging in with the region, email, and password, the "Need Admin Approval" error message pops up and blocks the page.
- ROOT CAUSE
The error you encountered upon enrollment is caused by the user permission settings in the corporate MS Azure Active Directory. Check the settings here: MS Azure Portal ==> All services ==> Enterprise applications ==> User settings ==> User consent settings. If "User consent for applications" is set to "Do not allow user consent", an administrator will be required for all apps. The user invited from our Vision One Console has not been granted the Global Administrator role in Azure Active Directory, which is why you encounter this problem.
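The same setting can be read from Microsoft Graph instead of the portal. The following is an added example, not part of the original article or of Trend Micro's tooling: it classifies the `permissionGrantPoliciesAssigned` list returned by `GET https://graph.microsoft.com/v1.0/policies/authorizationPolicy`. The sample responses and the `-example` policy name are constructed.

```python
import json

# Built-in user consent policy IDs mapped to the portal option they represent.
BUILT_IN = {
    "microsoft-user-default-legacy": "Allow user consent for apps",
    "microsoft-user-default-low": (
        "Allow user consent for apps from verified publishers, "
        "for selected permissions"
    ),
}
PREFIX = "managepermissiongrantsforself."
DISABLED = "Do not allow user consent"


def user_consent_mode(policy: dict) -> str:
    """Map an authorizationPolicy object to its 'User consent' portal option."""
    perms = policy.get("defaultUserRolePermissions") or {}
    assigned = perms.get("permissionGrantPoliciesAssigned") or []
    # Only ManagePermissionGrantsForSelf.* entries are the user consent setting;
    # other entries in the list do not let a user consent for themselves.
    ids = [p[len(PREFIX):] for p in assigned if p.lower().startswith(PREFIX)]
    if not ids:
        return DISABLED
    return "; ".join(BUILT_IN.get(i.lower(), f"custom policy '{i}'") for i in ids)


def consent_disabled(policy: dict) -> bool:
    """True for the setting the article names as the root cause."""
    return user_consent_mode(policy) == DISABLED


# Constructed sample responses (policy names ending in -example are made up).
SAMPLE_BLOCKED = json.loads("""
{"id": "authorizationPolicy", "defaultUserRolePermissions": {
  "permissionGrantPoliciesAssigned":
    ["ManagePermissionGrantsForOwnedResource.owner-policy-example"]}}
""")
SAMPLE_LOW = json.loads("""
{"id": "authorizationPolicy", "defaultUserRolePermissions": {
  "permissionGrantPoliciesAssigned":
    ["ManagePermissionGrantsForSelf.microsoft-user-default-low"]}}
""")

if __name__ == "__main__":
    for name, sample in (("blocked", SAMPLE_BLOCKED), ("low", SAMPLE_LOW)):
        print(f"{name}: {user_consent_mode(sample)}")
```

A result of "Do not allow user consent" matches the condition described above; any other result means a user consent policy is assigned to the default user role.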
- SOLUTIONS
The customer has two options for changing the Azure AD settings.
- Option One:
If the invited user account is not granted the Global Administrator role, it is recommended to configure the user consent setting as follows:
MS Azure Portal ==> All services ==> Enterprise applications ==> User settings ==> User consent settings, adding some permissions
- Option Two:
If the invited user account is not assigned the Global Administrator role, assign the Global Administrator role to the user account. The user consent setting can then be set to "Do not allow user consent" (an administrator will be required for all apps).