This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Issue

When using AAD to authenticate the K2 mobile app, after authentication you will see an error:
"You can't access this application"

At the bottom of the screen, you will see the text:
"AADSTS90094: The grant requires admin permission"

Symptoms

Please check that your credentials and setup is as shown here:

https://help.k2.com/onlinehelp/k2mobile/userguide/current/default.htm#K2Mobile/Configure/UseK2MobAuthAAD.htm

Resolution

For all users to make use of the "admin consent" permissions, they have to be directed to a new sign in page with the parameter "prompt=admin_consent" set in the query. The admin consent url is exactly the same as the authorization url but has "&prompt=admin_consent" appended to the end.

Additional information can be found here:

https://nicksnettravels.builttoroam.com/post/2017/01/24/Admin-Consent-for-Permissions-in-Azure-Active-Directory.aspx