I’ve been contacted by several people over the last few days who have been experiencing an error when trying to get Omnichannel configured. It looks something like:
The actual text of the error is: AADSTS65001: The user or administrator has not consented to use the application with ID ’18cc9627-776c-4142-b8f5-9cd83517e3bb’ named ‘Omnichannel for Customer Service’. Send an interactive authorization request for this user and resource. Trace ID: 36dd2358-2d41-463c-a2f6-013038636400 Correlation ID: 9ac093cd-e525-4bb4-b277-3ac8e7478b6b Timestamp: 2020-01-07 12:14:15Z
No matter what people tried, they still got it. I went through the process of setting up a completely new environment – lo and behold, I got the same issue! (the screenshot above is actually from my system). Incidentally this is why it’s so important to be able to replicate an issue, so that you can confirm what’s actually causing it to happen.
Reaching out to some very helpful people at Microsoft, I (thankfully) got a quick response from them
Essentially, there are some issues with Azure Active Directory (AAD) consent flows for applications at the moment (it’s not specific to Omnichannel). There’s a fix that’s being worked on, but no idea when it will be finished and rolled out.
They were nice enough to share with me how to address it, which is what I’m now sharing here! To fix this issue, carry out the following steps to manually grant permissions to the application:
1. In your Azure Portal, search for ‘Azure Active Directory’ in the search bar, click on it when it comes up, and navigate to Enterprise Applications in the left hand bar. Alternatively you can use https://ms.portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/to get you straight there.
Click it to open, and you’ll see a list of the enterprise applications that use AAD.
2. You’ll then want to search for the application that has the issue (in this case, Omnichannel)
You’ll want to double-check that the ‘Application ID’ is the SAME as the Application ID that you’re getting in the error message, especially if there are multiple results coming up in the search list!
Once you’re sure that it’s the correct application, click it to open it.
3. You’ll see a section in the left bar called ‘Security’, and under this should be an entry for ‘Permissions’. When this opens, you’ll see a button in the main window called ‘Grant admin consent for User‘.
4. Click this – it’ll cause a window to pop up, where you’ll grant permissions for the application. Once granted, the window will automatically close.
You can then go back to the place where you were experiencing the error, and it should work!
It worked, thanks
Glad to hear!
Unfortunately this did not work for me. I had to manually setup an URL with the ID.
I wrote a little blog post about it:
https://www.dyn365blog.com/omnichannel-engagement-hub-aadsts65001-the-user-or-administrator-has-not-consented-to-use-the-application-with-id/
Hi Ritchey
Thanks for the feedback – slightly surprised to hear, as since this was raised to me earlier this week I know of at least a dozen different environments having the issue that have followed the steps above, and it’s been successful for all of them.
Could you possible share what happened when you did go through the steps above, and what happened then?
Thanks
I followed exactly the same steps as you wrote in the blog.
Just to be sure I did the consent part for all the 3 apps in Azure.
I’ve also double checked the application ID and they were exactly the same as the ID in the error message.
So I got to the consent overview, granted permission, but was still not able to run the installation from the Omnichannel maintenance page. I had to run the URL before it ultimately worked.