With Microsoft deprecating Basic Authentication, user accounts for sensors will require Modern Authentication. This article will help you troubleshoot adding OAuth Authorizations inside Exoprise.
Verify User Consent Settings
In Azure Active Directory, it is possible to disable all users ability to accept authorizations by changing the Admin Consent Requests options. This can be viewed by logging into the Azure Portal and navigating to Azure Active Directory then to Enterprise Applications and selecting “Consent and Permissions” under the security section on the left.
In the User Consent Settings you can configure the permissions to allow your users to consent to applications such as our Sensors. You can also configure when they will require requesting an administrator to review and approve the applications. These settings may need to be adjusted if they are set to “Do not allow user consent”.
Admin Consent Settings
If allowing User Consent is not an option, a second option is to allow Admin Consent Requests. Enabling Admin Consent will notify the tenant admins or selected individuals of a pending authorization if made by the user accounts.
To review these settings, from the Azure Active Directory portal in the Enterprise Applications section, select Admin Consent Settings under the Manage left hand menu.
From here, you can verify that the “User can request admin consent to apps they are unable to consent to” is set to Yes which will allow those user accounts to request consent if locked down.
Accepting Authorization
If User Consent is disabled, once ‘Request Admin Consent’ has been enabled you can go through the Authorization process at https://secure.exoprise.com/OAuth or from the sensor creation page explained in this article.
If configuring the OAuth from https://secure.exoprise.com/OAuth, once there, select the correct API to Authorize, provide a label to identify what the authorization is for, and select Add.
At this point you will be prompted for the credentials, you will need to input the account you are using for the sensor here. After inputting the password, you will be prompted to ‘Request Admin Consent’. Once you have reached this step, an administrator account will need to accept the authorization from the Azure Admin Portal.
Once an administrator has accepted the Authorization in the Azure Admin Portal, you will need to run through the authorization request again at https://secure.exoprise.com/OAuth and it should authorize without prompting for administrative consent.