Use a clean text program (Notepad for Windows, Text Edit for Mac) to create a Uniform Resource Identifier (URI) for authorization by pasting the below text and substituting the client_id, redirect_uri, and stae values.
https://login.microsoftonline.com/common/oauth2/authorize? client_id='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx' &response_type='code' &redirect_uri='https://www.<ourdomain>.com' &response_mode='query' &state='SOME_UNIQUE_UID' client_id value should be the client_id generated in App Registration process redirect_uri value should be same as value entered at the time of App registration-> Redirect URIs state value can be any ID (e.g.,12345)
|client_id value||should be the client_id generated in App Registration process|
|redirect_uri value||should be same as value entered at the time of App registration > Redirect URIs|
|state value||can be any ID (e.g.,12345)|
The final URL should look something like this:
Open the URI you created in any browser.
Log in as the Sync User you’re granting permissions for.
If you’re already logged in to Azure as an Admin in another tab, you’ll need to use a different browser or Incognito mode to log in as the Sync User.
As an administrator, you can also consent to an application’s delegated permissions on behalf of all the users in your tenant. Administrative consent prevents the consent dialog from appearing for every user in the tenant, and can be done in the Azure portal by users with the administrator role. Learn which administrator roles can consent to delegated permissions here.
In your Azure portal, navigate to the application homepage.
Under Manage, click API Permissions.
Click the Grant admin consent (for tenant) button.
Click Yes to confirm.