Whitelisting StackAI in Microsoft Entra

If you are getting the following message when trying to make a connection, you need to follow the steps below to whitelist StackAI as a third-party app in Microsoft Entra. The following steps need to be completed by your Microsoft Entra administrator.

Whitelisting StackAI (as a third-party OAuth2 App) in Microsoft Entra

  1. Obtain the App Details
     Get the Application (Client) ID or the Publisher information from the third-party app vendor. Confirm the exact permissions (scopes) the app is requesting.

  2. Review Consent Settings in Entra ID
     Go to the Microsoft Entra admin center. Navigate to Identity > Applications > Enterprise applications. Search for the third-party app. If users have already tried to sign in, it may appear here.

  3. Grant Admin Consent (Recommended)
     Select the app in Enterprise applications. Go to Permissions or Permissions and consent. Click Grant admin consent for [Your Tenant]. Review the requested permissions and confirm. This step ensures all users can log in without being blocked by consent policies.

  4. Adjust User Consent Policies (If Needed)
     If users are being blocked from consenting to third-party apps: In the Entra admin center, go to Identity > Applications > User consent settings. Review the User consent for applications policy. You can allow users to consent to verified publishers, or only to apps requesting low-risk permissions. For stricter control, keep user consent disabled and rely on admin consent as above.

  5. Confirm Conditional Access and Security Settings
     If you have Conditional Access policies that restrict app access, ensure the third-party app is included as an allowed cloud app. Check for any permissions restrictions or app ban lists in Defender for Cloud Apps or similar tools.

Notes

You do not need to register the app yourself—the third-party app vendor registers their app with Microsoft and provides you with the necessary details. If you are using Microsoft Defender for Cloud Apps, you can explicitly allow or block OAuth apps in its portal. Always review the permissions requested by the app and ensure they align with your organization's security policies.

Troubleshooting

If the app does not appear in Enterprise applications, have a user attempt to sign in. This should trigger its appearance. If login is still blocked, check for tenant-wide restrictions on third-party app consent or additional security policies.

By following these steps, you can whitelist and enable OAuth2 login for a third-party app in your Microsoft 365/Entra ID environment, ensuring users can access it as intended.
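To back the advice to review the app's permissions, the following added example (not StackAI's or Microsoft's code) compares the delegated grants held by one enterprise app with the scopes confirmed in step 1. The input mirrors the fields of Microsoft Graph `oauth2PermissionGrant` objects; the approved scope list, the sample grants and all IDs are constructed placeholders.

```python
"""Audit delegated OAuth2 grants for one enterprise app against approved scopes."""

# Scopes the vendor confirmed in step 1 (assumed values for this example).
APPROVED_SCOPES = {"openid", "profile", "offline_access", "User.Read", "Files.Read"}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects
# (GET /v1.0/oauth2PermissionGrants); every ID below is a placeholder.
SAMPLE_GRANTS = [
    {"clientId": "sp-stackai-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph-placeholder",
     "scope": " openid profile offline_access User.Read Files.Read"},
    {"clientId": "sp-stackai-placeholder", "consentType": "Principal",
     "principalId": "user-1-placeholder", "resourceId": "sp-graph-placeholder",
     "scope": "Mail.ReadWrite Files.Read"},
    {"clientId": "sp-other-app-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph-placeholder",
     "scope": "Directory.ReadWrite.All"},
]


def audit_grants(grants, client_sp_id, approved_scopes):
    """Return one finding per grant held by the given service principal."""
    approved = {s.lower() for s in approved_scopes}
    findings = []
    for grant in grants:
        if grant.get("clientId") != client_sp_id:
            continue  # grant belongs to a different application
        # Graph returns scopes as one space-delimited string, often with a
        # leading space, so split on whitespace instead of on a single " ".
        scopes = (grant.get("scope") or "").split()
        unapproved = sorted(s for s in scopes if s.lower() not in approved)
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        findings.append({
            "consent": "admin (tenant-wide)" if tenant_wide else "single user",
            "principal": grant.get("principalId"),
            "scopes": scopes,
            "unapproved": unapproved,
            "ok": not unapproved,
        })
    return findings


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, "sp-stackai-placeholder", APPROVED_SCOPES):
        status = "OK" if f["ok"] else "REVIEW"
        print(f"[{status}] {f['consent']} principal={f['principal']} "
              f"unapproved={f['unapproved']}")
```

A grant with `consentType` of `AllPrincipals` is the result of the admin consent in step 3 and applies to every user, so an unapproved scope there matters more than one on a single-user grant.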
