Share via

New users added in the last 2 weeks cannot access the app. Error "Admin Consent required". No previous users using the app received this error and were able to use the app.

BO 20 Reputation points
2025-12-10T15:47:40.09+00:00

Customer has been using the Hubspot Sales app for about a year now, adding users to the app with no issues. In the last week they tried to add another user and are getting "Admin Consent required".

This has not happened in the past and I'm told no changes have been made by the Owner in the Admin portal. In the logs I see previous users Request ID is "Aggregate" new users Request ID is populated by a numeric string. If I look at a user setting that works, I can see (Permission Granted by User Consent). New users don't have the have that entry in their settings.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Answer accepted by question author
  1. Monalisha Jena 4,145 Reputation points Microsoft External Staff Moderator
    2025-12-12T08:44:57.8+00:00

    Hello BO,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I will try to clarify your doubts and provide you some solutions.

    So, the HubSpot Sales enterprise application requires delegated permissions (likely Microsoft Graph scopes like Mail.Read or User.Read) classified as medium/high impact, triggering admin consent under updated Entra ID policies. Legacy users show "Permission Granted by User Consent" with "Aggregate" Request IDs from prior user-consent grants, while new users lack these grants and receive numeric Request IDs tied to pending admin approval workflows. Existing consents persist unaffected, explaining why only recent attempts fail.

    Would like to know some extra points for better troubleshooting as:

    Has HubSpot recently changed their permission set? Did your tenant recently change User Consent policies? Is HubSpot showing as Publisher Verified?

    Till then will provide you below solutions.

    1. First try to Grant Admin Consent for HubSpot:

    This immediately fixes access for all current and future users.

    • Sign in as Global Admin / Cloud App Admin / App Admin
    • Then Go to: Microsoft Entra admin center > Identity > Applications > Enterprise applications
    • Open HubSpot Sales and Go to Permissions
    • Click "Grant admin consent for"

    Do refer: https://dori-uw-1.kuma-moon.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal

    1. Try to Enable Admin Consent Workflow (safer + controlled):

    Allows users to request approval instead of seeing a hard block.

    • Go to: Enterprise applications > Consent and permissions > Admin consent settings
    • Enable "Users can request admin consent to apps they are unable to consent to"
    • Add reviewers (Global Admin / Cloud App Admin / App Admin)

    Reference: https://dori-uw-1.kuma-moon.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow

    1. Review User Consent Settings:

    Check the tenant’s User Consent policy:

    Enterprise applications > Consent and permissions > User consent settings

    Ensure it is not set to:

    • Do not allow user consent (blocks all new users)
    • Allow user consent only for verified publishers (blocks unverified HubSpot apps)

    Do refer: https://dori-uw-1.kuma-moon.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal

    1. Check if App Requires User Assignment:

    If “User assignment required” = Yes, new users must be explicitly assigned.

    Reference: https://dori-uw-1.kuma-moon.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal

    Hope this helps! If it answered your question, please consider clicking Accept Answer and Upvote. This will help us and others in the community as well.

    If you need more info, feel free to ask in the comments. Happy to help!

    Regards,

    Monalisha

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-10T15:47:53.1866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The issue you are experiencing with new users receiving the "Admin Consent required" error when trying to access the Hubspot Sales app is likely related to the permissions that the application requires. In Microsoft Entra ID, certain permissions require admin consent, and if these permissions were not granted to the new users, they will encounter this error.

    Since previous users were able to access the app without issues, it is possible that the permissions required by the Hubspot Sales app have changed, or that the new users are attempting to access features that require admin consent that was not previously needed for existing users.

    To resolve this issue, an administrator should review the permissions requested by the Hubspot Sales app and provide the necessary admin consent. This can be done by signing into the Azure portal, navigating to the Enterprise applications section, and granting the required permissions for the app.

    Additionally, you can check the settings for user consent in your organization to ensure that users are allowed to consent to applications that do not require admin consent. If the setting is disabled, all users will require admin consent to access the application.

    If the application requires admin consent and an admin signs in without the prompt=consent parameter being sent, the consent will only apply to their user account, and regular users will not be able to sign in or consent to the application. Therefore, it is essential to ensure that the admin consent is granted appropriately for all users who need access.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.