How to fix the ‘Need admin approval’ error while trying to sign in to the signature management app
While trying to sign in to the signature management app, a user receives the following error:
Need admin approval. CodeTwo Email Signatures for Office 365 User Logon needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
First of all, make sure that this user has been added to the signature management app users list in the CodeTwo Admin Panel (learn more). If that’s the case and the problem persists, this might mean that application options in your Microsoft 365 are preventing users from using the CodeTwo application. You can access these options to resolve this problem in two different ways, by using either the Azure portal or the Microsoft 365 admin center. The changes you will be making are in fact restoring the default Microsoft 365 settings.
- Enabling app registration by users in the Azure portal
- Allowing users to choose if an app can access their information
You can also configure the admin consent workflow in the Azure portal as discussed in this Microsoft article. This will enable an Azure AD workflow designed specifically for users to request admin approval for an application they are not authorized to consent to on their own, and for the admin to grant such approval.
Use the Azure portal to allow users to register applications. To do this:
- Log in to the Azure Active Directory admin center.
- Click Azure Active Directory in the menu on the left and then click Users as shown in Fig. 1.
- Go to User settings and under App registrations select Yes (Fig. 2.).
If the solution above resolved the problem and the user is able to sign in to the signature management app at app.codetwo.com, you can return to your previous settings.
Use the Microsoft 365 admin center to allow users to let third-party apps access their information. Follow the steps below to do so:
- Log in to the Microsoft 365 admin center.
- Select the classic admin center layout using the switch in the upper right corner (Fig. 3.).
- Expand the Settings list and select Services & add-ins (Fig 4., item 1).
- Select Integrated Apps (Fig 4., item 2).
- In the pane that opens, turn On the Let people in your organization decide whether third-party apps can access their Office 365 information option (Fig. 5.).
- Click Save to submit changes.
If the solution above resolved the problem and the user is able to sign in to the signature management app, you can return to your previous settings.