This article describes the Azure Admin steps necessary to ensure users on their organization's Microsoft Entra ID (formerly Active Directory) are able to use Microsoft 365 Authentication to access the Co. Society Application.
The Co. Society Application supports Email, Microsoft 365 (Including Entra ID) and Google authentication. Where Microsoft 365 Authentication is used, the application requests only 2 permissions as below.|
API Name |
Claim value |
Permission |
Type |
Purpose |
|
Microsoft Graph |
openid |
Sign users in |
Delegated |
Profile / Security |
|
Microsoft Graph |
profile |
View users' basic profile |
Delegated |
Profile / Security |
The Co. Society Azure application used for authentication requests these very minimal user delegated permissions (openid and profile) to securely sign users in (users who chose to sign-in using Microsoft 365 / Entra ID) and personalize their experience by using their email and display name. This standard practice ensures user data security and privacy while enhancing the in-app experience.
Before enabling sign-in via Microsoft 365 with Entra ID, an Azure Admin must approve our app's permissions for your organization. This ensures secure and personalized access. If permissions are not granted, users have the option to sign up and sign in using their email, maintaining access for all.
How to grant consent on behalf of your organization
The following steps should be carried out by an Azure / Entra ID administrator with the necessary permissions.
There are two Azure Admin consent steps! Consent needs to be granted first by running the app as an Azure Admin, then under Enterprise Applications in Azure.
The simplest way to grant consent as an Azure Admin, is to install and run the Co. Society desktop application, select Microsoft 365 as the authentication method, enter your credentials, and on the permissions notice select the Consent on behalf of your organization checkbox
This ensures user's do not need to individually consent / seek approval to grant these permissions.
After you have done this, login to https://portal.azure.com/
Go to Entra ID → Enterprise applications.
Having granted permissions first via authentication as an Azure Admin IN the Co. Society desktop application, you should now see the CosocietyApp application under Enterprise Applications (this can take several minutes to appear after the first consent was granted).
Name: CosocietyApp
Object ID: 1bd34725-5184-4d57-b526-4916d1651c98
Application ID: 542ced31-6427-4344-a2d0-c21d4d215920
Under the same Entra ID → Enterprise applications section, you should then navigate to Permissions → Grant admin consent and in the new window select Allow.
With the second level consent granted in Azure, users will be able to login to the Co. Society desktop application using the Microsoft 365 option without having to individually grant consent or seek admin consent.