Problem

The user enters the credentials to start a session with the IGEL Windows 365 app, but the session does not start. Instead, a prompt informs the user about missing permission to access resources in the organization.

This behavior is the same for all users in your organization because the underlying problem is tenant-wide.

Background

Your IGEL Windows 365 client app needs access to your organization's resources via the Microsoft Graph API. This enables the app to gather user information, like user pictures, and to control the virtual machine that hosts the session. For this purpose, admin consent must be granted in Microsoft Entra first. This involves providing the client ID, or app ID, of the IGEL Windows 365 app.

Solution

You must ensure that tenant-wide admin consent to the IGEL Windows 365 app is granted. Microsoft describes several methods; see Grant tenant-wide admin consent to an application

For the IGEL Windows 365 app, the following two methods have been verified:

  • If you are not a Microsoft Entra administrator, send an app ID consent request directly from the IGEL Windows 365 app to your Entra administrators (assuming your Entra is configured to allow this). The Entra administrators then need to review and consent to the app in Entra.
  • If you are a Microsoft Entra admin with permission to consent apps, you can use this URL pattern: https://login.microsoftonline.com/{organization}/adminconsent?client_id=bcecda93-b0e7-48ce-ae4d-3263836332be
    Replace {organization} with your Microsoft Entra ID; note that     bcecda93-b0e7-48ce-ae4d-3263836332be is the app ID of the IGEL Windows 365 app. For further details, see Construct the URL for granting tenant-wide admin consent.
    After a few minutes, the syncing should be done, and the app ID should be displayed.