Microsoft SSO for Organizations
If your employees use Microsoft 365 work accounts, an IT administrator may need to approve Bümpis before they can sign in. This guide explains how to enable Microsoft SSO for your organization.
Why is admin approval required?
Many organizations restrict which third-party applications can access employee accounts. This is a security feature. When an employee tries to sign in to Bümpis with their work Microsoft account, they may see an error like "Need admin approval" or "AADSTS65001".
Option 1: Grant Admin Consent (Recommended)
The simplest way to enable Bümpis for your organization is to grant admin consent. This allows all users in your organization to sign in.
- Sign in to Azure Portal: Go to portal.azure.com as a Global Administrator or Application Administrator.
- Navigate to Enterprise Applications: Go to Azure Active Directory → Enterprise Applications → All Applications.
- Find Bümpis: Search for "Bümpis" in the application list. If it doesn't appear, it will be added automatically after the first user attempts to sign in.
- Grant Admin Consent: Click on the Bümpis application, go to Permissions in the left sidebar, and click Grant admin consent for [Your Organization]. Review the permissions and click Accept.
Option 2: Assign Specific Users
If your organization requires explicit user assignment to applications:
- In the Bümpis Enterprise Application settings, go to Users and groups
- Click Add user/group
- Select the users or groups who should have access
Option 3: Enable User Consent
If you want to allow users to consent to applications themselves:
- Go to Azure Active Directory → Enterprise Applications → Consent and permissions
- Under "User consent settings", choose one of:
  - Allow user consent for apps (least restrictive)
  - Allow user consent for apps from verified publishers
Common Error Messages
| Error | Solution |
|---|---|
| AADSTS65001 | User needs admin approval. Grant admin consent (Option 1). |
| AADSTS50105 | User not assigned to the app. Assign the user (Option 2). |
| Consent_Required | Admin consent is required. Grant admin consent (Option 1). |
| Need admin approval | Organization blocks user consent. Grant admin consent (Option 1). |
Permissions Bümpis Requests
Bümpis requests minimal, read-only permissions:
- User.Read — Read user's basic profile
- email — Access user's email address
- profile — Access user's name and profile picture
- openid — Standard OpenID Connect sign-in
These permissions do not allow Bümpis to access emails, calendars, files, or other organizational data. We only read basic profile information for sign-in purposes.
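To confirm after consent that the tenant granted only the scopes listed above, an administrator can compare the app's delegated grants with that list. This is an added example, not Bümpis code; it assumes the grants were exported as JSON from Microsoft Graph's oauth2PermissionGrants for the Bümpis service principal, and the sample IDs are constructed placeholders.

```python
"""Audit delegated grants for one enterprise app against the documented scope list."""

# Scopes this page says Bümpis requests.
DOCUMENTED_SCOPES = {"User.Read", "email", "profile", "openid"}


def audit_grants(grants, documented=DOCUMENTED_SCOPES):
    """Compare oauth2PermissionGrant objects with the documented scopes.

    `grants` is the "value" list from Microsoft Graph's oauth2PermissionGrants
    for the app's service principal. Comparing scope names case-insensitively
    is a choice made for this example.
    """
    allowed = {s.lower() for s in documented}
    findings = []
    granted = set()
    for g in grants:
        # "scope" is a space-separated string and may start with a space.
        scopes = (g.get("scope") or "").split()
        granted.update(s.lower() for s in scopes)
        extra = sorted(s for s in scopes if s.lower() not in allowed)
        findings.append({
            "grant_id": g.get("id"),
            # AllPrincipals = admin consent for the whole tenant (Option 1);
            # Principal = consent recorded for a single user (as in Option 3).
            "tenant_wide": g.get("consentType") == "AllPrincipals",
            "principal": g.get("principalId"),
            "unexpected_scopes": extra,
        })
    missing = sorted(s for s in documented if s.lower() not in granted)
    return {"grants": findings, "missing_scopes": missing,
            "clean": not any(f["unexpected_scopes"] for f in findings)}


# Constructed sample data (placeholder IDs, not real tenant values).
SAMPLE_GRANTS = [
    {"id": "grant-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": " User.Read email profile openid"},
    {"id": "grant-2", "consentType": "Principal", "principalId": "user-0001",
     "scope": "openid profile Mail.Read"},
]

if __name__ == "__main__":
    report = audit_grants(SAMPLE_GRANTS)
    for f in report["grants"]:
        kind = "tenant-wide" if f["tenant_wide"] else f"user {f['principal']}"
        print(f["grant_id"], kind, "unexpected:", f["unexpected_scopes"] or "none")
    print("clean:", report["clean"], "missing:", report["missing_scopes"])
```

A grant with a non-empty `unexpected_scopes` list carries more access than this page documents and should be reviewed in the app's Permissions view.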