< class="prominent-subhead ">

K2 Mobile Authentication error with AAD: "You can't access this application"

~~repeating-content.html~~
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

Issue

When using AAD to authenticate the K2 mobile app, after authentication you will see an error:
"You can't access this application"

At the bottom of the screen, you will see the text:
"AADSTS90094: The grant requires admin permission"

Symptoms

Please check that your credentials and setup is as shown here:

https://help.k2.com/onlinehelp/k2mobile/userguide/current/default.htm#K2Mobile/Configure/UseK2MobAuthAAD.htm

Resolution

For all users to make use of the "admin consent" permissions, they have to be directed to a new sign in page with the parameter "prompt=admin_consent" set in the query. The admin consent url is exactly the same as the authorization url but has "&prompt=admin_consent" appended to the end.

Additional information can be found here:

https://nicksnettravels.builttoroam.com/post/2017/01/24/Admin-Consent-for-Permissions-in-Azure-Active-Directory.aspx