Admin consent refers to when the Admin for an Azure Active Directory tenant grants permissions to an application which requires an admin to consent to the use case. The embedded app within the CData Python Connector for Azure Data Lake Storage, contains no permissions that require admin consent. Therefore, this information applies only to custom applications.

Admin Consent Permissions

When creating a new OAuth app in the Azure Portal, you must specify which permissions the app will require. Some permissions may be marked stating "Admin Consent Required". For example, all Groups permissions require Admin Consent. If your app requires admin consent, there are a couple of ways this can be done.

The easiest way to grant admin consent is to just have an admin log into portal.azure.com and navigate to the app you have created in App Registrations. Under API Permissions, there will be a button for Grant Consent. You can consent here for your app to have permissions on the tenant it was created under.

If your organization has multiple tenants or the app needs to be granted permissions for other tenants outside your organization, the GetAdminConsentURL may be used to generate the Admin Authorization url. Unlike the GetOAuthAuthorizationURL, there will be no important information returned from this endpoint. If the grants access, it will simply return a boolean indicating that permissions were granted.

Once an admin grants consent, authentication may be performed as normal.