How to Authorize Sync Engine in Corporate Office 365 / Azure Settings
LinkPoint Connect(ME) Sync is ready to connect to any supported email server out of the box. Like the LPC Add-In installed for end users’ mail accounts, it is a server app that requires specific server-side permissions to run for individual users. Specifically, the security policies configured in a company’s Office 365 / Azure infrastructure must explicitly allow the app to run; the local Administrator can ensure this via the Microsoft 365 Admin center and Azure Active Directory.
This troubleshooting article addresses three common issues that may prevent the LPC Sync engine from functioning on the server side.
Tip
Also see this LPC FAQ entry to learn what data access permissions the solution requires to perform its functions.
I. Check your corporate firewall configuration
See this article for complete information on how to do that.
II. Adjust Azure server Enterprise Applications configuration
To do that:
1. Log in to the Azure management portal https://portal.azure.com with Admin credentials
2. Click on All services in the Main menu
3. Select the directory you are using for the LinkPoint Connect(ME) server app
4. Click on the Enterprise applications tab
5. Select the application from the list of applications associated with this directory
6. Click the Properties tab
7. Change the Enabled for users to sign-in? toggle to Yes
8. It is also recommended (but not required) to enable the User assignment required? toggle; this allows the end users to authorize Connect(ME) sync independently from the Admin
9. Click the Save button at the top of the page
10. In addition, check whether the LinkPoint Connect(ME) application with the ID indicated in the error notification you got is on the list of applications (added/allow-listed for the users to be assigned).
III. To resolve the “You can’t access this application” error on user authentication via a service account
If you get an error notification containing the message “LinkPoint Connect(ME) needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it” or a status code AADSTS90094, you need to adjust your Office 365 settings to allow the end users to sign in to apps like LinkPoint Connect(ME) Sync.
Why does this error occur?
The most common cause is that end users are not permitted to approve OAuth consent screens for an application unless they have Admin rights within your Office 365 tenant. Enterprise apps like LinkPoint Connect(ME) use OAuth as a more secure way to authorize scoped access to your Office 365 tenant email and calendar data with a username and password. Learn more about service principals and Enterprise app permissions here.
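The checks from sections II and III can also be run against exported directory data instead of the portal. The following is an added example, not LinkPoint code: it evaluates records shaped like Microsoft Graph responses (servicePrincipals, appRoleAssignedTo, oauth2PermissionGrants, policies/authorizationPolicy) and reports which condition blocks a given user. All IDs and records are constructed, and the function name is hypothetical.

```python
# Added example: records are constructed sample data shaped like Microsoft
# Graph v1.0 responses; nothing here calls the network.
SP_ID = "00000000-0000-0000-0000-00000000a001"  # service principal object ID
ALICE = "00000000-0000-0000-0000-00000000b001"  # assigned user
BOB = "00000000-0000-0000-0000-00000000b002"    # unassigned user

def diagnose(sp, assignments, grants, auth_policy, principal_ids):
    """Return reasons the user (own object ID plus group IDs) is blocked."""
    findings = []
    required = sp.get("appRoleAssignmentRequired", False)
    # Section II step 7: "Enabled for users to sign-in?" is accountEnabled.
    if not sp.get("accountEnabled", False):
        findings.append("sign-in disabled for this enterprise application")
    # Section II steps 8 and 10: "User assignment required?" is
    # appRoleAssignmentRequired; assignments are listed by appRoleAssignedTo.
    if required:
        assigned = {a["principalId"] for a in assignments
                    if a["resourceId"] == sp["id"]}
        if not assigned & set(principal_ids):
            findings.append("user or group not assigned to the application")
    # Section III: no consent prompt is needed if a grant already covers the user.
    covered = any(
        g["clientId"] == sp["id"]
        and (g["consentType"] == "AllPrincipals"
             or g.get("principalId") in principal_ids)
        for g in grants
    )
    # User consent is governed by ManagePermissionGrantsForSelf.* policies;
    # Microsoft documents that it is unavailable for apps requiring assignment.
    policies = auth_policy["defaultUserRolePermissions"]["permissionGrantPoliciesAssigned"]
    user_may_consent = not required and any(
        p.startswith("ManagePermissionGrantsForSelf.") for p in policies)
    if not covered and not user_may_consent:
        findings.append("admin consent required (AADSTS90094)")
    return findings

sp = {"id": SP_ID, "accountEnabled": True, "appRoleAssignmentRequired": True}
assignments = [{"principalId": ALICE, "principalType": "User", "resourceId": SP_ID}]
no_user_consent = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": []}}
tenant_grant = [{"clientId": SP_ID, "consentType": "AllPrincipals", "principalId": None}]

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB)):
        print(name, diagnose(sp, assignments, [], no_user_consent, [user]))
    print("alice, after tenant-wide consent:",
          diagnose(sp, assignments, tenant_grant, no_user_consent, [ALICE]))
```

An empty result means none of the three conditions applies to that user; the tenant-wide grant in the last call is what an admin consent produces.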
Additional Microsoft articles for your reference
- Assign a user or group to an enterprise app in Azure Active Directory
- How to assign users and groups to an application
- Apps, permissions, and consent in Azure Active Directory