Teamflect requires administrative consent to access Office 365 data, enabling core capabilities such as directory access, user insights, and deployment of reviews, surveys, and 360-degree feedback across your organization.
Why Admin Consent Matters
Seamless User Experience: Eliminates the disruptive consent prompt during user login.
Centralized Deployment: Enables Teamflect admins (People & Culture Team) to roll out reviews, surveys, and other initiatives organization-wide without individual user actions.
Why Teamflect Needs Application Access (Admin Consent)
Some Microsoft Graph permissions that Teamflect uses require tenant-wide access that individual users can’t grant. When an app needs to access organizational data across your entire Microsoft 365 tenant, Microsoft treats those permissions as application (app-only) access, which requires administrator consent.
This means that Teamflect accesses Microsoft Graph as an application, not on behalf of a signed-in user. As a result, the required permissions must be granted through administrator consent at the tenant level.
What this means for admins
Admin consent is a one-time, tenant-wide approval
No individual user consent is required afterward
Permissions are centrally managed and can be reviewed or revoked at any time in Microsoft Entra ID
Here’s why this matters for Teamflect:
Automated directory and user sync: To build and maintain org charts, reporting lines, departments, managers, and other user metadata across your company, Teamflect needs read access to directory data at the tenant level (e.g.,
Directory.Read.All). This cannot be authorized by a delegated user token alone — it requires application-level consent.Bulk and background features: Capabilities such as bulk deployment of reviews and surveys, calendar sync across users, and group goal associations rely on the app being able to read or process data without a signed-in user present. Those use cases depend on application access.
Seamless experience: With admin-granted application access, end users don’t see repeated consent prompts, and IT can centrally manage permissions and features across the organization.
What Admin Consent Does
Granting admin consent essentially tells Microsoft: ''This organization authorizes Teamflect to use the requested application permissions on behalf of all users, so Teamflect can perform its background and tenant-wide operations.''
Without admin consent:
Some organizational features won’t work automatically. See here.
Users may be prompted individually for permissions they cannot grant.
This admin consent step is a one-time setup that unlocks the full power of Microsoft Graph for Teamflect across your tenant.
🔐 Granting Administrator Consent for Teamflect
Step 1 - Access the Azure Portal
To log in to Teamflect, your users will need to click accept and give consent to Teamflect. Giving administrator consent as the Microsoft365 administrator will not only help your users bypass this dialog but will also enable your Teamflect administrators to centrally deploy reviews, surveys, and 360-degree feedback cycles.
To give administrator consent on behalf of your users, please go to: https://portal.azure.com
Step 2 - Navigate to Enterprise Applications
Step 3 - Locate Teamflect
Find Teamflect in the list.
In the Teamflect app pane, open the Permissions (or Permissions and consent) tab.
Tip: If it's missing, that means no one from your organization has logged into Teamflect yet. Head to app.teamflect.com/getstarted, sign in, then refresh the Enterprise Applications page.
Step 4 - Grant Admin Consent
Click Grant admin consent to authorize Teamflect on behalf of your users.
Step 5 - Confirm the Action
Watch for confirmation that consent has been successfully granted.
You can now deploy features like organizational feedback and surveys without requiring end-user approval.
See Microsoft's documentation here for granting and managing consent to Teams app permissions.
Quick Reference Table
Step | Description |
1 | Log in to portal.azure.com |
2 | Go to Enterprise Applications |
3 | Find Teamflect or log in via https://app.teamflect.com if not visible |
4 | Open Permissions and click Grant admin consent |
5 | Confirm and deploy features organization-wide |
Pro Tips for Microsoft Admins (IT Teams)
No Teamflect Yet? Make sure at least one user logs in before attempting to find the app in Azure.
Review Permissions: Be aware of what data Teamflect is requesting. For example, if you’ve added Files.Read or Files.Read.All, make sure the broader scope is documented and approved.
Audit It: Use Azure’s audit logs to track when consent was granted and by whom—vital for governance and compliance.
Communicate the Change: Let your users know the consent is handled—it makes onboarding smoother and avoids confusion.
See this article to learn more about default and optional permissions.