Microsoft 365 admin: approving Coastline CRM for email and calendar

Why you're seeing this

A teammate using Coastline CRM tried to connect their Microsoft 365 work email or calendar, and Microsoft returned a "Need admin approval" screen. Their connection didn't go through.

This is by design. Your organization's Microsoft 365 settings only allow administrators to approve which third-party applications can access organizational data like mail and calendars. Coastline CRM is a third-party application, so a tenant administrator (you) needs to approve it once. After that, any user you authorize can connect on their own without seeing the screen again.

This article walks through the three ways to grant that approval. Each path takes a few minutes and only needs to be done once per organization.

What Coastline CRM is asking for

Coastline CRM connects to Microsoft 365 so an individual user can send and receive email from their own mailbox, and read and write events on their own calendar, from inside Coastline CRM. The permissions requested are:

• Mail.ReadWrite: read and manage the signed-in user's mail.
• Mail.Send: send mail as the signed-in user.
• User.Read: sign the user in and read their basic profile.
• offline_access: keep the connection alive after the user closes the browser, so scheduled sends and ongoing sync keep working.

If your organization also uses calendar sync, the calendar connection is a separate flow that uses delegated calendar permissions. The same admin approval covers both.

All permissions are delegated, meaning Coastline CRM can only act on behalf of users who have individually signed in and connected their own mailbox. There are no application-level permissions. Coastline CRM cannot read any user's data without that specific user having signed in and connected first.

App identifiers (verify before approving)

So you can confirm you're approving the correct application, here are Coastline CRM's identifiers in the Microsoft identity platform:

• Application name: Coastline CRM
• Application (client) ID: 89894101-7faf-4d00-9815-7d629c0f670a
• Publisher domain: coastlinecrm.com

If the application in your tenant shows different values, stop and email support@coastlinecrm.com before approving.

Option 1: Approve from the Microsoft Entra admin center (recommended)

Use this path if you'd like to review the application in your admin console before granting consent.

1. Sign in to the Microsoft Entra admin center as a Global Administrator or Cloud Application Administrator.
2. Go to Identity → Applications → Enterprise applications.
3. In the All applications list, search for Coastline CRM.
   • If the application doesn't appear, no one in your tenant has triggered a consent prompt yet. Ask the affected user to attempt the connection once. Their failed attempt is enough to register the application in your tenant. Refresh the list and Coastline CRM will appear.
4. Click Coastline CRM to open it.
5. In the left menu, click Security → Permissions.
6. Click Grant admin consent for [your organization].
7. A Microsoft consent screen will appear. Review the requested permissions against the list above and click Accept.
8. The Permissions page will now show the granted permissions with a green check mark. The block is lifted.

Tell the user who hit the original block to retry connecting their email or calendar from inside Coastline CRM. The "Need admin approval" screen will not appear again.

Option 2: Use the admin-consent shortcut link

If you'd rather grant consent in one click without opening the admin center, use this shortcut. You still need to be signed in as a Global Administrator or Cloud Application Administrator.

1. Open this link in a browser session where you're signed in with your administrator account:

   https://login.microsoftonline.com/common/adminconsent?client_id=89894101-7faf-4d00-9815-7d629c0f670a
   

2. Microsoft will show a consent screen listing the requested permissions.
3. Click Accept.
4. You may be redirected to a callback page that looks blank or shows a brief connection message. That is expected. The approval has been recorded against your tenant.
5. Have the affected user retry connecting from inside Coastline CRM.

Option 3: Approve per-user requests instead

If your organization's policy is to keep application consent strictly opt-in per user, you can leave the default block in place and approve each user's request individually. This requires the admin consent request workflow to be enabled on your tenant.

1. Sign in to the Microsoft Entra admin center.
2. Go to Identity → Applications → Enterprise applications → Consent and permissions → Admin consent settings.
3. Confirm that Users can request admin consent to apps they're unable to consent to is set to Yes, and that at least one reviewer is configured.
4. Once this is on, the next time a user hits the "Need admin approval" screen, they will see a Request approval option. When they submit a request, you'll receive an email notification, and the request will appear under Admin consent requests in the admin center.
5. Open the Coastline CRM request, review the permissions, and click Approve. The user will be notified and can retry.

Restrict access to a specific group (optional)

By default, granting consent makes Coastline CRM available to any user in your tenant who tries to connect. To allow only a specific group of users (for example, your sales team) to connect:

1. In the Entra admin center, go to Identity → Applications → Enterprise applications → Coastline CRM.
2. Open Properties in the left menu.
3. Set Assignment required? to Yes and save.
4. Open Users and groups in the left menu.
5. Click Add user/group and assign the people or groups who should be allowed to connect.

Anyone outside the assigned set will be unable to connect.

Revoking access later

If you ever want to disconnect Coastline CRM from your organization:

1. In the Entra admin center, go to Identity → Applications → Enterprise applications → Coastline CRM.
2. Click Delete at the top of the application page.
3. Confirm. All consent grants are revoked and every user in your organization is disconnected.

Individual users can also disconnect their own mailbox or calendar from inside Coastline CRM at any time, without affecting anyone else. Deleting the application at the Entra level cuts the whole organization off at once.

Troubleshooting

The application doesn't appear in Enterprise applications. A user has to trigger the consent prompt at least once for the application to register in your tenant. Ask the affected user to attempt the connection once. The failed attempt is enough. Then refresh the Enterprise applications list.

Clicking the admin-consent shortcut shows "AADSTS90094: The grant requires admin permission." Your browser session is signed in as a non-admin account. Open a private window, sign in there as a Global Administrator, then reopen the shortcut link.

Users still see the approval prompt after consent was granted. Microsoft consent state can take several minutes to propagate. If it persists more than an hour, open the Coastline CRM application in the Entra admin center and check Properties → Assignment required?. If it's set to Yes with no users in Users and groups, that combination silently blocks everyone. Either set Assignment required? to No, or add the affected users.

You want a non-administrator to be able to approve future application requests. In the Entra admin center, go to Identity → Roles & admins and assign the Cloud Application Administrator role to that user. They'll be able to grant consent for any application without needing full Global Administrator rights.

Still stuck?

Reach out to Coastline CRM support at support@coastlinecrm.com and include:

• The error message shown in the Entra admin center, including the AADSTS code if there is one.
• Whether Coastline CRM appears under Enterprise applications.
• Your tenant ID (find it in the Entra admin center under Overview → Tenant ID).

We'll respond within one business day.