Why does this error happen?
In Microsoft 365 and Entra environments, an external app needs admin consent before it can access organization accounts. Until that consent is granted, people in your organization can’t sign in to Tiro. Share the steps below with your security team or IT admin.
How an admin grants consent
You need a Microsoft Entra admin account. A regular user account can’t complete this.
Option 1. Grant consent with the admin consent link (recommended)
- Open this link: Admin consent URL
- Sign in with a Microsoft Entra admin account.
- Review the list of requested permissions, then select Accept.
| Permission | Purpose |
|---|
| openid, profile, email | Account authentication and basic profile |
| User.Read | Read the user profile |
| offline_access | Keep the session alive |
| Calendars.Read | Calendar integration (optional feature) |
Option 2. Grant consent directly in the Azure portal
- Sign in to the Azure portal with an admin account.
- Go to Azure Active Directory → Enterprise applications.
- In the search box, enter Tiro or the application ID
d9eb8e0b-ca82-45f7-b2b5-cb697ae94639.
- Select the app → Permissions → Grant admin consent.
Confirm after consent
In Entra → Enterprise applications → select the Tiro app → Users and groups, confirm that people in your organization can use the Tiro app.
Common errors
| Error | Cause | Fix |
|---|
| AADSTS650052 | The app isn’t registered in this tenant | Run admin consent |
| AADSTS700016 | The application ID can’t be found, or the redirect URI doesn’t match | Copy and use the admin consent URL exactly as given |
| Sign-in works but no info loads | API permissions aren’t fully consented | Run admin consent again, or check the Permissions tab |
Tiro enterprise app details
| Item | Value |
|---|
| App name | Tiro |
| Application ID (Client ID) | d9eb8e0b-ca82-45f7-b2b5-cb697ae94639 |
| Redirect URI | https://tiro.ooo |
Related pages: Account FAQ · Frequently asked questions
