"Need admin approval" message when trying to connect email accounts in JSM Cloud

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

When trying to connect a Microsoft mail handler for JSM, admins may receive the message "Need admin approval".

Solution

Details about the error

Once the error appear, the only options available are "Have an admin account? Sign in with that account” and “Return to the application without granting consent”, but none of them will connect the desired mail account as a mail handler.

(Auto-migrated image: description temporarily unavailable)

Why does this message appears to Jira admins?

This happens because Microsoft AD has a setting to control who can perform OAuth connections for apps (which is this type of connection) and this setting is disabled for users in Microsoft AD. The configuration is explained in Microsoft documentation: Configure the admin consent workflow - Microsoft Entra ID.

That said, if the option “Have an admin account? Sign in with that account” is selected, and you authenticate with an Azure AD admin account, this admin account will be added as a mail handler and not the desired account you would like to connect. Selecting “Return to the application without granting consent” will make the connection unsuccessful.

Admin consent requests in Microsoft AD

As it’s a Microsoft AD setting, you must contact your company’s Microsoft AD admin to review the configuration. More specifically, the setting “Users can request admin consent to apps they are unable to consent to​” that is currently set to “No”.

(Auto-migrated image: description temporarily unavailable)

According to Configure the admin consent workflow - Microsoft Entra ID the steps to access this page are:

To enable the admin consent workflow and choose reviewers:

  1. Sign in to the Microsoft Entra admin center as a Global Administrator.

  2. Browse to Identity > Applications > Enterprise applications > Consent and permissions > Admin consent settings.

  3. Under Admin consent requests, select Yes for Users can request admin consent to apps they are unable to consent to .

Enabling this setting should allow users to request approval when trying to connect the mail handler and other apps:

(Auto-migrated image: description temporarily unavailable)

Then, the Microsoft AD admins can follow the Review and take action on admin consent requests - Microsoft Entra ID to approve the request.

Updated on April 11, 2025
Platform
Cloud only
Product
Jira Service Management Cloud
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community