Many organizations configure their Microsoft Office 365 tenants with security settings that prevent individual users from granting permissions to third-party applications. This is a common and effective security control allowing IT administrators to maintain oversight and control over which integrations are active within the organization.
For Albacross’s Microsoft integration to function correctly within such environments, an administrator must grant consent on behalf of the entire organization. This admin consent authorizes the application to access the necessary data and perform actions as required by the integration.
Administrators have two primary methods for granting this consent:
1. Via an Admin Consent URL (preferred method)
This method works whether or not the Albacross application has been previously added to your tenant. You will need your organization’s unique Tenant ID.
Construct the following URL, replacing {TENANT_ID} with your actual tenant ID (see Microsoft’s guide to find your Tenant ID):
https://login.microsoftonline.com/{TENANT_ID}/adminconsent?client_id=5d5deed1-34f3-42d3-949a-ed1f23960238
Navigate to this URL in your web browser. You will be prompted to log in as an administrator and review the permissions the Albacross application requests before granting consent.
2. Via app settings in Microsoft Entra
If the Albacross application has already been added to your tenant (either by an administrator or by a user before stricter consent controls were in place), you can grant admin consent directly in the Microsoft Entra admin center:
Go to Applications → Enterprise applications in the Microsoft Entra admin center.
Search for “Albacross App” in the list of applications.
If you cannot find “Albacross App”, it means the application is not yet installed. In that case, please use method 1 above.
Click on the “Albacross App” entry to open its settings.
In the left-hand sidebar, under Security, click on Permissions.
Click the button labeled “Grant admin consent for {your organization}”.
3. Configure an admin consent workflow in Microsoft Entra
If you prefer, you can allow users to request admin consent for applications themselves. This is useful if you cannot grant consent immediately via the other two methods and want to streamline future requests.
To configure an admin consent workflow, follow Microsoft’s official documentation: Configure the admin consent workflow.
Required Microsoft Graph Permissions
Albacross requires the following Microsoft Graph permissions for integration to function correctly:
Mail.Send – Send emails on behalf of users
Mail.ReadWrite – Read and manage user emails
User.Read – Access basic user profile information
openid, profile, email – Standard authentication scopes
offline_access – Maintain connection when user is offline
⚠️ Important: These permissions must be granted at the tenant level. It is not currently possible to restrict them to a single user’s mailbox.
Security Details
Uses OAuth 2.0 standard authentication
All data transmission encrypted via TLS 1.2+
Email data processed only for outreach automation
Fully compliant with Microsoft security standards
Network Requirements
Outbound HTTPS access to graph.microsoft.com
Access to login.microsoftonline.com for authentication
Verifying that admin consent has been granted
To check whether consent was granted successfully:
Go to Applications → Enterprise applications in the Microsoft Entra admin center.
Search for “Albacross App”.
If you cannot find it, the application is not yet installed. Please use method 1 above.
Open the application details.
In the left-hand sidebar, under Security, click on Permissions.
Verify that admin consent has been granted for all required permissions:
Mail.Send
Mail.ReadWrite
User.Read
openid, profile, email
offline_access
Microsoft’s version of this documentation
For reference, you can also consult Microsoft’s official help article on granting admin consent: Grant admin consent in Microsoft Entra.