DataMapper Troubleshooting: Admin approval for Microsoft accounts
I got an "Approval required" message
When connecting your Microsoft account to DataMapper, you may get a message saying "Approval required", or "Need Admin approval".
Why am I seeing this message?
It looks like your Microsoft Admin has some restrictions on the apps you can add to your Microsoft account. The best way to get approval for DataMapper will depend on how your Admin has configured your team's access to third-party apps.
Ask an Admin to edit consent and permissions settings
If you see a button that says "Request approval", click it to send an approval link to your Admin. If you don't see that option, you'll need to get in touch with your Admin and ask them for approval. There are two places an Admin can go to approve or deny you access to connect your Microsoft account with DataMapper:
- The Microsoft Entra Admin Center; or
- The Azure Active Directory Admin Center.
If you are a Microsoft Global Administrator or an Azure Active Directory Administrator, you can edit permissions settings yourself. If you are a regular user, ask your Microsoft Global Administrator or your Azure Active Directory Administrator to edit the settings for you using the following instructions.
How to edit permissions in the Microsoft Entra Admin Center:
Start by checking your consent and permissions settings through the Azure portal:
- Sign in to the Azure portal as a Global Administrator.
- Go to Azure Active Directory > Applications > Enterprise applications
- Go to Consent and permissions > User consent settings.
- Select the option: Allow user consent for apps from verified publishers, for selected permissions.
- Then, add the permissions that users can consent to on the Permission classifications screen.
How to edit permissions/approve apps in the Azure Active Directory (AAD):
If your Admin has set up your Azure Active Directory (ADD) system to block apps by default, they will need to go to user settings and choose one of the following options to allow users to connect to DataMapper:
A. Change the defaults to allow users to consent to apps themselves
B. Change the defaults to allow users to send you "Request approval links" for apps
C. Add DataMapper as an approved application for your whole company
Start by going to user settings:
- Log in to portal.azure.com
- Click on Manage Azure Active Directory
- Go to User settings
Now, choose an option:
Option A: Move the Enterprise Applications toggle to "Yes" to let users consent to apps that access company data.
If this option is set to "No", you will always have to give consent to any third-party application before users can access it. If you move the Enterprise Applications toggle to "Yes", each user can decide whether to let an app access any company data they have access to. After moving the toggle, save your changes. It may take a few minutes for your settings to update.
Once you've turned this toggle on:
- Ask the user to try connecting DataMapper to Microsoft again
- This time, they can check the consent box to approve DataMapper themselves
Now they can start using DataMapper.
Option B: Move the Admin consent requests toggle to "Yes" to get users to request Admin consent for apps they don't have permission to give consent for.
Even if you decide that users should always get your approval for apps, choosing this option makes it easy for them to request it and you to give it. Move the toggle for Admin consent requests to “Yes”. After moving the toggle, save your changes. It may take a few minutes for your settings to update. From now on, you will get easy "Request approval" invite links from users before they start using a new app like DataMapper.
Once you've turned this toggle on, do this to approve DataMapper:
- Ask the user to try connecting DataMapper to Microsoft again
- This time, user gets a button to "Request approval", and they should click it
- Check your Admin email for the request link they've just sent you; and
- Follow the link to sign into your Admin account to authenticate;
- Click the checked box to give consent to DataMapper and click Accept
- Go back to https://portal.azure.com/
- DataMapper will appear under All applications.
- Click the "Grant admin consent for DataMapper" button
Now anyone on your team can use DataMapper. You can also view details about the pending request by going to Enterprise applications > Activity > Admin consent requests > My Pending; and selecting DataMapper from the list.
- To see what permissions DataMapper needs, select Review permissions and consent.
- To view the application details, select the App details tab.
- To see who is requesting access and why, select the Requested by tab.
To approve the request, grant admin consent. Once a request is approved, all requestors will be notified. Now all users in your tenant can access DataMapper unless otherwise restricted by user assignment.
Option C: Add DataMapper yourself as an Enterprise Application for your whole company
If you would like everyone in your organization to have access to DataMapper, do this:
- Go to Enterprise Applications
- Choose All Applications
- Click + New Application
- Search "Outlook Connector for PrivacyHub""
- Select "Outlook Connector for PrivacyHub" and authenticate it
Now all users in your tenant can access Privacyhub DataMapper ID unless otherwise restricted by user assignment.
Need more help?
Feel free to reach out to our Customer Success Team. We'd be happy to walk you or your Admin through this guide and answer any questions you may have about security and consent settings for DataMapper.