登录到应用程序时出现的意外许可提示Unexpected consent prompt when signing in to an application

许多与 Azure Active Directory 集成的应用程序都需要各种资源的权限才能运行。Many applications that integrate with Azure Active Directory require permissions to various resources in order to run. 当这些资源也与 Azure Active Directory 集成时,使用 Azure AD 许可框架请求其访问权限。When these resources are also integrated with Azure Active Directory, permissions to access them is requested using the Azure AD consent framework.

这会导致首次使用应用程序时显示许可提示,这通常是一次性操作。This results in a consent prompt being shown the first time an application is used, which is often a one-time operation.

可能在各种情况下看到其他提示:Additional prompts can be expected in various scenarios:

  • 应用程序所需的权限集已更改。The set of permissions required by the application has changed.

  • 最初对应用程序进行许可的用户不是管理员,现在其他(非管理员)用户首次使用该应用程序。The user who originally consented to the application was not an administrator, and now a different (non-admin) User is using the application for the first time.

  • 最初对应用程序进行许可的用户是管理员,但他们未代表整个组织进行许可。The user who originally consented to the application was an administrator, but they did not consent on-behalf of the entire organization.

  • 最初授予许可后,应用程序使用增量许可和动态许可请求其他权限。The application is using incremental and dynamic consent to request additional permissions after consent was initially granted. 这通常会在以下情况下使用:应用程序的可选功能需要超出基线功能所需权限以外的附加权限。This is often used when optional features of an application additional require permissions beyond those required for baseline functionality.

  • 已在最初授予许可后将其吊销。Consent was revoked after being granted initially.

  • 开发人员已对应用程序作了如下配置:每次使用时,都需要许可提示(注意:这并非最佳做法)。The developer has configured the application to require a consent prompt every time it is used (note: this is not best practice).

后续步骤Next steps