NOTE: the following applies to version 1.4.0 and up. Version 1.4.0 will become mandatory starting April 2026, with previous versions becoming inoperable. Make sure to upgrade well in advance to prevent any service disruptions.

NOTE: Prior to 16-Jul-2024, Ultimate Forms retrieved an access token based on API Access grant. Those tokens have a short expiration time (about 1 hour) and cannot be renewed, thus leading to potential token expiration mid-work. Direct integration with Entra ID (Azure AD) is implemented to be able to refresh the token behind the scenes. Additional configuration steps described below might be required in your environment due to the change.

Infowise Ultimate Forms uses an access token to gain access to SharePoint configuration and data.

When a user opens the app via the Design button, an access token is requested from Entra ID (Azure AD) for the user. Although the app requests a Full Control token, the actual token permissions are issued according to the permissions of the current user. The access token is then used by the app to perform operations on behalf of the user, such as creating new lists and columns, attaching alerts or creating actions. No operation can be performed by the app without a valid access token.

When accessing the app for the first time (or the first time after the access token mechanism change), there are several possible outcomes:

  1. Administrator has already granted consent on behalf of the organization - the app will open without any additional steps.
  2. Administrator has not granted consent
    1. Users are allowed to grant their own consent for delegated permissions - a consent confirmation from Entra ID will be displayed to the user. Once it is confirmed, the app will open and the consent screen won't be shown again.
    2. Users are not allowed to grant their permissions, but allowed to ask for Administrative consent - the user can ask for consent, providing a reason. Once an administrator has approved, the user can access the app without any additional steps.
    3. Users are not allowed to grant their permissions and not allowed to ask for Administrative consent - the user won't be able to access the app until administrator consent is granted.

 

Administrator has already granted consent on behalf of the organization

If you recently installed the app using the installation wizard or recently granted consent for the Infowise Ultimate Forms Data Access enterprise app, the necessary consent is already given to all users by the administrator. Non-administrators will not be asked for consent again and the app will function normally. This is the most common scenario.

Administrator has not granted consent

If the app was installed or consent granted prior to 1/1/2024, the grant might not contain consent for the delegated permission required. In this case, when a user first accesses the app, it will require consent. Depending on how your tenant is configured, there are several possible scenarios.

The scenario you will encounter depends on two settings in Entra ID found under Applications -> Enterprise applications -> Consent and permissions:

  • User consent settings - specifies whether or not users can grant consent.
  • Admin consent settings - specifies how administrator approvals are handled.

You can also simply grant administrator consent by going to Entra ID -> Applications -> Enterprise applications -> Infowise Ultimate Forms Data Access -> Permissions. Entra ID is found here: https://entra.microsoft.com/ 
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent 

 

Users are allowed to grant their own consent for delegated permissions

When User consent settings are set to Allow user consent for apps, users will be able to grant their own consent and no administrator intervention will be required.

 

Users are not allowed to grant their permissions, but allowed to ask for Administrative consent

When User consent settings are set to either Do not allow user consent or Allow user consent for apps from verified publishers, for selected permissions, users will be required to receive an administrator approval. When Admin consent settings permit it, users are allowed to request approval directly when trying to access the app. 

Make sure to add at least one administrator under Users and allow sending email notification for both requests and expiration reminders.

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow

The administrator approval scenario includes the following steps:

  1. User clicks on the Design button in a SharePoint list
  2. User is presented with administrator approval request screen
  3. User requests an approval

    NOTE: Do not click on Back to app. No permission has been granted yet, so it will only result in an error.
  4. Administrator receives an approval request
  5. Administrator reviews the request
  6. Administrator approves the request
  7. User receives an email regarding the approval and can now click on Design again and access the app
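
The outcome a given user will hit can be predicted from three Microsoft Graph v1.0 resources: the oauth2PermissionGrants of the app's service principal, policies/authorizationPolicy and policies/adminConsentRequestPolicy. The following is an added example, not Infowise code; the function name, the scope name AllSites.FullControl and all sample records are assumptions constructed for illustration.

```python
# Added example. Field names follow Microsoft Graph v1.0; sample values are constructed.
LEGACY_SELF_CONSENT = "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
SCOPE = "AllSites.FullControl"  # assumed scope name; the page only says "Full Control"

def consent_outcome(grants, auth_policy, request_policy, user_id, scope=SCOPE):
    """Return (outcome, warnings) for one user clicking Design."""
    def covers(g):
        return scope in g.get("scope", "").split()

    # Outcome 1: a tenant-wide (administrator) grant covers the delegated scope.
    if any(g["consentType"] == "AllPrincipals" and covers(g) for g in grants):
        return "opens-without-prompt", []
    # A per-user grant from an earlier self-consent also suppresses the prompt.
    if any(g["consentType"] == "Principal" and g.get("principalId") == user_id
           and covers(g) for g in grants):
        return "opens-without-prompt", []

    assigned = auth_policy["defaultUserRolePermissions"].get(
        "permissionGrantPoliciesAssigned", [])
    # Outcome 2.1: "Allow user consent for apps". Any other policy, including
    # the verified-publishers one, is treated as needing approval, as on this page.
    if LEGACY_SELF_CONSENT in assigned:
        return "user-consent-prompt", []

    # Outcome 2.2: the admin consent workflow is on; check the reviewer setup.
    if request_policy.get("isEnabled"):
        warnings = []
        if not request_policy.get("reviewers"):
            warnings.append("no reviewers configured")
        if not request_policy.get("notifyReviewers"):
            warnings.append("request notifications are off")
        if not request_policy.get("remindersEnabled"):
            warnings.append("expiration reminders are off")
        return "admin-approval-request", warnings

    # Outcome 2.3: no self-consent and no request workflow.
    return "blocked-until-admin-consent", []

# Constructed sample data shaped like the Graph responses.
SAMPLE_GRANTS = [{"consentType": "Principal", "principalId": "user-a",
                  "scope": "User.Read AllSites.FullControl"}]
SAMPLE_AUTH = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": []}}
SAMPLE_REQ = {"isEnabled": True, "reviewers": [],
              "notifyReviewers": True, "remindersEnabled": False}

if __name__ == "__main__":
    for uid in ("user-a", "user-b"):
        print(uid, consent_outcome(SAMPLE_GRANTS, SAMPLE_AUTH, SAMPLE_REQ, uid))
```

An empty warnings list for the admin-approval-request outcome means the workflow has at least one reviewer and both notification options enabled, as recommended above.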

 

Last modified: 7/16/2024 9:18 PM