Azure OpenID Direct Connect displays 'Need Admin Approval' instead of redirecting to vFunction Server
Overview of the Issue
This issue occurs in the following circumstances:
- A vFunction organization configures Azure OpenID Direct Connect (OIDC) by creating the Azure Application, modifying the Server’s server-installation.yaml and running the vFunction Upgrade Script
- The user is authorized in the vFunction Server UI and is also authorized for the Azure vFunction Application
- The user opens the vFunction Server address in a browser
- The user is redirected to login.microsoftonline.com and inputs / selects their email address
- Unexpectedly, instead of seeing a screen where the user can grant consent to the Azure vFunction Application, the user sees a Microsoft dialog box that says:
Need admin approval
Needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
- Have an admin account? Sign in with that account
- Return to the application without granting consent
Solution
The Azure Administrator needs to grant access to allow users to consent to using the Azure vFunction Application. This Administrator should take the following steps:
Instead of using the link above, the Administrator can also:
- Go to the Azure Portal
- Select Enterprise Application
- Select Consent and Permissions
- Select User Consent Settings
- Select "Allow user consent for apps" (portal description: "All users can consent for any app to access the organization’s data.")
- Save the changes
When repeating the authentication flow, end users will now see a Microsoft dialog box with a consent request that shows the following:
[Email Address]
Permissions requested
[App Name]
This application is not published by Microsoft.
This application would like to:
- View your basic profile
- Maintain access to data you have given it access to
Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com.
Does this app look suspicious?
Cancel | Accept
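To confirm which User Consent Setting is in effect after the steps under Solution, this added example (not vFunction or Microsoft code) classifies the JSON that Microsoft Graph returns for GET https://graph.microsoft.com/v1.0/policies/authorizationPolicy. The function names are hypothetical, the sample bodies are constructed, and the group-owner policy ID is a placeholder.

```python
# Prefix of policies that govern users consenting on their own behalf.
SELF_PREFIX = "managepermissiongrantsforself."
ALL_APPS = "microsoft-user-default-legacy"  # "Allow user consent for apps"
LOW_RISK = "microsoft-user-default-low"     # verified publishers, selected permissions


def user_consent_setting(authorization_policy):
    """Classify the tenant-wide user consent setting of an authorizationPolicy."""
    perms = authorization_policy.get("defaultUserRolePermissions") or {}
    assigned = perms.get("permissionGrantPoliciesAssigned") or []
    # Ignore ManagePermissionGrantsForOwnedResource.* entries (group owner
    # consent) and compare case-insensitively.
    own = [p.lower()[len(SELF_PREFIX):] for p in assigned
           if p.lower().startswith(SELF_PREFIX)]
    if not own:
        return "disabled"
    if ALL_APPS in own:
        return "all-apps"
    if all(p == LOW_RISK for p in own):
        return "verified-publishers-only"
    return "custom"


def matches_article_setting(authorization_policy):
    """True when the option selected in the steps above is in effect."""
    return user_consent_setting(authorization_policy) == "all-apps"


def sample(*policy_ids):
    """Build a constructed authorizationPolicy body (not from a real tenant)."""
    return {
        "id": "authorizationPolicy",
        "defaultUserRolePermissions": {
            "permissionGrantPoliciesAssigned": list(policy_ids)},
    }


# Constructed inputs; the OwnedResource policy name is a placeholder.
BEFORE = sample("ManagePermissionGrantsForOwnedResource.example-placeholder")
AFTER = sample("ManagePermissionGrantsForOwnedResource.example-placeholder",
               "ManagePermissionGrantsForSelf.microsoft-user-default-legacy")

if __name__ == "__main__":
    for label, policy in (("before", BEFORE), ("after", AFTER)):
        print(label, user_consent_setting(policy), matches_article_setting(policy))
```

A result of "verified-publishers-only" or "custom" means a different User Consent Settings option than the one chosen in the steps is active.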