NOTE: the following applies to version 1.4.0 and up. Version 1.4.0 will become mandatory starting April 2026, with previous versions becoming inoperable. Make sure to upgrade well in advance to prevent any service disruptions.
NOTE: Prior to 16-Jul-2024, Ultimate Forms retrieved an access token based on API Access grant. Those tokens have a short expiration time (about 1 hour) and cannot be renewed, thus leading to potential token expiration mid-work. Direct integration with Entra ID (Azure AD) is implemented to be able to refresh the token behind the scenes. Additional configuration steps described below might be required in your environment due to the change.
Infowise Ultimate Forms uses an access token to gain access to SharePoint configuration and data.
When a user opens the app via Design button, an access token is requested from Entra ID (Azure AD) for the user. Although the app requests Full Control token, the actual token permissions will be issued according to the permissions of the current user. The access token is then used by the app to perform operations on behalf of the user, such as creating new lists and columns, attaching alerts or creating actions. No operation can be performed by the app without a valid access token.
When accessing the app for the first time (or the first time after the access token mechanism change), there are several possible outcomes:
- Administrator has already granted consent on behalf of the organization - the app will open without any additional steps
- Administrator has not granted consent
- Users are allowed to grant their own consent for delegated permissions - a consent confirmation from Entra ID will be displayed to user. Once confirmed the app will open, the consent screen won't be shown again.
- Users are not allowed to grant their permissions, but allowed to ask for Administrative consent - the user can ask for a consent, providing a reason. Once an administrator has approved, the user can access the app without any additional steps.
- Users are not allowed to grant their permissions and allowed to ask for Administrative consent - the user won't be able to access the app until administrator consent is granted.
Administrator has already granted a consent on behalf of the organization
If you recently installed the app using the installation wizard or recently granted consent for Infowise Ultimate Forms Data Access enterpise app, the necessary consent is already given to all users by the administrator. Non-administrators will not be asked for consent again and the app will function normally. This is the most common scenario.
Administrator has not granted consent
If the app was installed or consent granted prior to 1/1/2024, the grant might not contain consent for the delegated permission required. In this case, when a user first accesses the app, it will require consent. Depending on how your tenant is configured, there are several possible scenarios.
The scenario you will encounter depends on two settings in Entra ID found under Applications -> Enterprise applications -> Consent and permissions:
- User consent settings - specifies whether or not user can grant consent.
- Admin consent settings - specifies how administrator approvals are handled.
You can also simply grant administrator consent by going to Entra ID -> Applications -> Enterprise applications -> Infowise Ultimate Forms Data Access -> Permissions. Entra ID is found here: https://entra.microsoft.com/
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent
Users are allowed to grant their own consent for delegated permissions
When User consent settings are set to Allow user consent for apps, user will be able to grant their own consent and no admistrator intervention will be required.
Users are not allowed to grant their permissions, but allowed to ask for Administrative consent
When User consent settings are set to either Do not allow user consent or Allow user consent for apps from verified publishers, for selected permissions, users will be required to receive an administrator approval. When Admin consent settings permit it, users are allowed to request approval directly when trying to access the app.
Make sure to add at least one administrator under Users and allow sending email notification for both requests and expiration reminders.
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow
The administrator approval scenario include the following steps:
- User click on Design button in a SharePoint list
- User is presented with administrator approval request screen
- User requests an approval
NOTE: Do not click on Back to app, there is no permission granted yet, it will only result in error. - Administrator receives an approval request
- Administrator reviews the request
- Administrator approves the request
- User receives an email regarding the approval and can now click on Design again and access the app