Office 365 / SharePoint Online – Sorry, only tenant administrators can add or give access to this app.

Hi All,

Today, a new issue (my mistake) and a learning 😊

Background: I was working on a SharePoint Online project. We were writing a console application which connects to Office 365 / SharePoint Online on behalf of the app. That means we were accessing SharePoint Online using an application context (app-only).

Our add-in requires tenant admin permissions. We registered our add-in using the appregnew.aspx page:

URL: https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx

We generated a new client ID and client secret. Then we went to the appinv.aspx (_layouts/15/appinv.aspx) page, performed the lookup for the app ID generated on the appregnew.aspx page, and provided the following permission:

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

On clicking the Create button, we get the error “Sorry, only tenant administrators can add or give access to this app.”, as shown in Figure 1:

Figure 1: Office 365 – Assigning permissions to app – appinv.aspx page

What we tried: I was doing these steps with Global Administrator permissions, so I was really wondering what the issue was. Googled a bit but no luck ☹

Then I changed the permissions: rather than permissions for the tenant, I gave permissions for the SiteCollection as

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/SiteCollection" Right="FullControl" />
</AppPermissionRequests>

and this worked like a wonder.

Solution: As permissions at the SiteCollection level were working, I was really wondering what was missing. After some time, I realized that I was trying to give tenant-level permissions from my SharePoint site collection and not from the admin site. As I had generated the add-in ID and client secret from my SharePoint site collection, I was trying to give the tenant-level permission from there as well.

So, we need to give tenant admin level permissions from the tenant admin site only, as:

https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx

But I think the error is misleading, since it appears even when a Global Administrator is trying to give the permissions, and there is no tenant administrator right for Office 365; we have Global Administrator and then other administrators.
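The rule described above (a tenant-scoped request has to be submitted on the tenant admin site's appinv.aspx) can be checked before clicking Create. The following is an added example, not code from the original post; the function names and the "contoso" tenant are assumptions, and the sample XML is constructed with the curly quotes a blog page often introduces.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

TENANT_SCOPE = "http://sharepoint/content/tenant"  # scope URI quoted in the post

# Constructed samples; the first keeps the curly quotes a copy from a web page carries.
TENANT_XML = ('<AppPermissionRequests AllowAppOnlyPolicy=\u201dtrue\u201d>'
              '<AppPermissionRequest Scope=\u201dhttp://sharepoint/content/tenant\u201d'
              ' Right=\u201dFullControl\u201d /></AppPermissionRequests>')
SITE_XML = ('<AppPermissionRequests AllowAppOnlyPolicy="true">'
            '<AppPermissionRequest Scope="http://sharepoint/content/SiteCollection"'
            ' Right="FullControl" /></AppPermissionRequests>')

def parse_requests(xml_text):
    """Return (app_only, [(scope, right), ...]) from a permission request blob."""
    # Curly quotes are not valid XML attribute delimiters; normalise them first.
    for curly in "\u201c\u201d":
        xml_text = xml_text.replace(curly, '"')
    root = ET.fromstring(xml_text)
    if root.tag != "AppPermissionRequests":
        raise ValueError("unexpected root element: " + root.tag)
    app_only = root.get("AllowAppOnlyPolicy", "false").lower() == "true"
    grants = [(r.get("Scope", ""), r.get("Right", ""))
              for r in root.iter("AppPermissionRequest")]
    return app_only, grants

def check_appinv(appinv_url, xml_text):
    """Return a list of problems; an empty list means the page matches the scope."""
    _, grants = parse_requests(xml_text)
    parsed = urlparse(appinv_url)
    host = (parsed.hostname or "").lower()
    label = host.split(".")[0]
    problems = []
    if not parsed.path.lower().endswith("/_layouts/15/appinv.aspx"):
        problems.append("not an appinv.aspx URL")
    on_admin = host.endswith(".sharepoint.com") and label.endswith("-admin")
    wants_tenant = any(scope.lower() == TENANT_SCOPE for scope, _ in grants)
    if wants_tenant and not on_admin:
        problems.append("tenant scope must be granted from https://%s-admin."
                        "sharepoint.com/_layouts/15/appinv.aspx" % label)
    return problems

if __name__ == "__main__":
    site = "https://contoso.sharepoint.com/sites/dev/_layouts/15/appinv.aspx"
    print(check_appinv(site, TENANT_XML))
```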


Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Stay tuned on Knowledge-Junction, will come up with more such articles.

Prasham Sabadra


1 Response

  1. dick says:

    Thank you very helpful.
