Scopes requested
Trelica needs the DeviceManagementManagedDevices.Read.All scope to read Intune asset data.
Application consent in Entra ID
Microsoft Entra ID (formerly Azure AD) now offers a very comprehensive approach to OAuth application security. Recommended settings are to limit users' abilities to consent to OAuth applications - if you're an Entra Administrator you can see the configuration your organization is using under Enterprise applications > Consent and permissions > User consent settings.
Trelica requires a number of permissions to access resources in Entra ID, and it's likely your tenant's user consent setting is either "Do not allow user consent" or "Allow user consent for apps from verified publishers, for selected permissions". In that case, connecting Trelica to Entra ID with an account that is not an Entra administrator will show the "Need admin approval" message:
As the message suggests, you could switch to an Entra administrator account to make the connection by clicking "Have an admin account? Sign in with that account".
Trelica will not be granted the full access of your administrator account - our access is limited to the OAuth scopes we request.
Approving the Trelica application connection using a separate Entra admin account
If you want to use a different user account (perhaps a specific Trelica 'service' account with just the Global Reader role) to connect from Trelica to Entra ID, then you will still need an Entra Administrator to approve the Trelica application.
The easiest way to do this is to ask an Entra Admin (who does not need to have a Trelica account) to click the following link:
https://login.microsoftonline.com/common/adminconsent?client_id=e1ecc680-201e-4a67-9671-6a159d448669
This will initiate the process for approving the Trelica connection in Entra ID. They will be shown the following screen:
You do NOT need to tick "Consent on behalf of your organization". If you leave the box unchecked, it just means that whenever a new connection is made, the connecting user must review the access Trelica is requesting.
After you click Accept, the user will see a message from Trelica that says "Request forwarding failed Forwarding the request to the upstream server failed. Please retry, and if the problem persists contact Trelica support."
You can ignore this message - it's simply because the request was initiated from a direct URL outside Trelica. We are working to improve the wording of this.
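Once the approval has gone through, an Entra administrator may want to confirm that the grant recorded for the Trelica service principal really is limited to the documented scope (see "Scopes requested" above) and whether it was given tenant-wide or only for individual users. The script below is an added example, not Trelica's code: it takes grant records in the shape Microsoft Graph returns for GET /oauth2PermissionGrants and compares them with the expected scope set. The records themselves are constructed sample data, the object ids are placeholders, and the extra "Directory.ReadWrite.All" entry is there only to show how an unexpected grant is surfaced; it is not something the article says Trelica requests.

```python
"""Audit the OAuth2 permission grants recorded for one application's
service principal against the scopes the vendor documents.

The records below are constructed in the shape Microsoft Graph returns for
GET /oauth2PermissionGrants; they are not real tenant data. In a real audit
you would fetch the grants whose clientId is the object id of the Trelica
service principal (the appId in the consent link above is
e1ecc680-201e-4a67-9671-6a159d448669; the object ids here are placeholders).
"""
from __future__ import annotations

# Scope the article says Trelica needs for Intune asset data.
EXPECTED_SCOPES = {"DeviceManagementManagedDevices.Read.All"}

# Constructed sample: two grant records for the same client service principal.
SAMPLE_GRANTS = [
    {   # tenant-wide grant, as created when an admin ticks
        # "Consent on behalf of your organization"
        "clientId": "00000000-0000-0000-0000-00000000aaaa",    # placeholder SP object id
        "consentType": "AllPrincipals",
        "principalId": None,
        "resourceId": "00000000-0000-0000-0000-00000000bbbb",  # placeholder Microsoft Graph SP id
        # constructed: includes one scope beyond the documented request
        "scope": "DeviceManagementManagedDevices.Read.All Directory.ReadWrite.All",
    },
    {   # per-user grant: one user consented without the org-wide box ticked
        "clientId": "00000000-0000-0000-0000-00000000aaaa",
        "consentType": "Principal",
        "principalId": "00000000-0000-0000-0000-00000000cccc",  # placeholder user object id
        "resourceId": "00000000-0000-0000-0000-00000000bbbb",
        "scope": " DeviceManagementManagedDevices.Read.All ",
    },
]


def parse_scope(scope_field: str) -> set[str]:
    """Graph stores delegated scopes as one space-separated string, sometimes padded."""
    return {s for s in scope_field.split() if s}


def audit_grants(grants: list[dict], expected: set[str]) -> dict:
    """Summarise who consented, to what, and which scopes go beyond `expected`."""
    tenant_wide: set[str] = set()
    per_user: dict[str, set[str]] = {}
    for g in grants:
        scopes = parse_scope(g.get("scope", ""))
        consent_type = g.get("consentType")
        if consent_type == "AllPrincipals":      # tenant-wide consent
            tenant_wide |= scopes
        elif consent_type == "Principal":        # consent by one user, for that user only
            per_user.setdefault(g["principalId"], set()).update(scopes)
        else:
            raise ValueError(f"unknown consentType: {consent_type!r}")
    # Everything granted by anyone, tenant-wide or per user.
    granted = tenant_wide.union(*per_user.values())
    return {
        "tenant_wide": tenant_wide,
        "per_user": per_user,
        "unexpected": granted - expected,   # scopes nobody documented
        "missing": expected - granted,      # documented scope not granted to anyone yet
    }


if __name__ == "__main__":
    report = audit_grants(SAMPLE_GRANTS, EXPECTED_SCOPES)
    print("tenant-wide scopes          :", sorted(report["tenant_wide"]))
    for principal, scopes in report["per_user"].items():
        print(f"user {principal} scopes:", sorted(scopes))
    print("beyond the documented request:", sorted(report["unexpected"]))
    print("documented but not granted   :", sorted(report["missing"]))
```

A non-empty "unexpected" set is the thing to follow up on: it means the grant in the tenant is broader than the scopes the vendor documents, whoever clicked Accept. An entry under "per_user" rather than "tenant_wide" corresponds to the unchecked "Consent on behalf of your organization" box described above.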