Entra ID Authorisation

This guide is for IT administrators whose organisations require approval before users can sign in to third-party applications using Microsoft or Google accounts. It is also accessible at admin.airgentic.com/it-admin-setup.

Do You Need This Page?

Most organisations do not need any IT setup. Airgentic only requests standard OpenID Connect permissions (openid, email, profile) that users can consent to themselves in most Azure AD / Entra ID configurations.

This page is needed only if your organisation has configured Azure AD / Entra ID to block all third-party applications regardless of what permissions they request — a strict security policy used by some government, education, and enterprise environments.

If your users have .gov, .gov.au, or .edu email addresses, or if your organisation enforces strict app approval policies, follow the steps below.

Microsoft / Azure AD Setup

What permissions does Airgentic request?

• openid — Standard OpenID Connect authentication
• email — The user's email address
• profile — Basic profile information (name)

Airgentic does not request access to Microsoft Graph API or any organisational data. No data is stored beyond what is needed for authentication.

Application Details

• Application Name: ET Admin Console / Airgentic
• Publisher: admin.airgentic.com
• Application (Client) ID: Contact support@airgentic.com for the Client ID specific to your deployment.

Option 1: Grant Admin Consent (Button)

If your organisation blocks all third-party apps, a Global Administrator can grant consent for the entire organisation in one step.

Contact support@airgentic.com to receive a direct admin consent link for your organisation. You will need to sign in with an Azure AD / Entra ID Global Administrator account.

Option 2: Approve via Azure Portal

1. Sign in to the Azure Portal
2. Navigate to Microsoft Entra ID > Enterprise Applications
3. Search for the Application ID (provided by Airgentic support) or search for "Airgentic"
4. Go to Permissions and click Grant admin consent

Option 3: Enable User Consent (Recommended)

Instead of pre-approving Airgentic specifically, you can enable user consent for low-risk permissions across all verified applications:

1. Sign in to the Azure Portal
2. Navigate to Microsoft Entra ID > Enterprise Applications > Consent and permissions
3. Under User consent settings, select Allow user consent for apps from verified publishers, for selected permissions
4. This allows users to consent to standard OpenID Connect scopes without IT involvement

Google Workspace Setup

What permissions does Airgentic request?

• Basic profile information (email address and name)
• OpenID Connect authentication scopes

No additional data access is requested.

How to pre-approve for Google Workspace

1. Sign in to the Google Admin Console
2. Navigate to Security > API Controls > App access control
3. Click Manage Third-Party App Access
4. Search for "Airgentic" or add by Client ID (contact support@airgentic.com)
5. Set access to Trusted for your domain

Note: Google Workspace typically allows user consent by default for basic profile scopes. Pre-approval is only needed if your organisation has restricted app access.

Troubleshooting

"Admin approval required" or AADSTS65001 error

Your organisation has disabled user consent for all applications. Use Option 1 above to grant admin consent, or enable user consent for verified apps using Option 3.

"You don't have permission" or AADSTS50105 error

The application requires user assignment. Go to Microsoft Entra ID > Enterprise Applications > Airgentic > Properties and either:

• Set "Assignment required?" to No to allow all users, or
• Go to Users and groups and add the specific users who need access

Login appears to work but redirects back with no error

This can happen if:

• The user closed the Microsoft login popup before completing sign-in
• A browser extension is blocking the OAuth callback
• The browser is blocking third-party cookies — try disabling strict cookie blocking in your browser settings

"Grant Admin Consent" button shows an error

Ensure you are signed in with a Global Administrator or Privileged Role Administrator account. Other admin roles cannot grant consent for the entire organisation.

If you see AADSTS90094, your tenant may have additional restrictions. Try using Option 2 to approve via the Azure Portal instead.

Need Help?

If you have questions or need assistance, contact the Airgentic support team:

Email: support@airgentic.com