If the Global Admin or Privileged Role Admin selected Consent on behalf of your organization during the initial sign-in, access to Nexetic Backup - the application responsible for authentication and single sign-on (SSO) - is automatically granted to all users for login purposes. If Consent on behalf of your organization was not selected, access is limited to the individual admin account that completed the sign-in - not to the entire tenant. As a result, other users won’t automatically have access to Nexetic Backup application. To allow application access, refer to this article.
However, please note that access to Entra ID backup itself remains restricted to Global Admins and Privileged Role Admins by default. To enable access for other users, their permissions must be elevated through Nexetic’s Role-Based Access Control (RBAC) by changing their role from No Access to Full Access within the Nexetic system. Refer to the Support Article How to assign admin roles in Entra ID Backup.
✅ How to Grant Application Access to Non-Admin users in Microsoft Entra
Admins can grant access using either of the following methods:
Option 1: Manually Assign Users (if user assignment is required)
1. Go to Entra ID → Enterprise Applications → Nexetic Backup
⚠️Important:
The Nexetic Backup for Entra ID application is used exclusively for running backup operations. It does not support user login or single sign-on (SSO).
When assigning users for authentication and SSO access, make sure to select the correct Nexetic Backup application:
Nexetic Backup - Application ID: facd4a2d-cbd2-4095-bfa8-ac9c819f843e
2. Assign users and groups to the application:
- Click 1. Assign users and groups to specify which users or groups should have access to the app.
- Then click Add user/group.
- In the dialog that appears:
- Select the desired users and/or user groups.
- Choose a role (e.g., Default Access).
- Click Assign to grant the selected user(s) access to the application via the chosen app role.
Option 2: Re-consent to the Application
A. Re-consent Without Revoking
- Have the admin sign in to the Nexetic Backup app again.
- Ensure the Consent on behalf of your organization checkbox is selected.
- If consent was already granted, the checkbox may not appear. In that case, if necessary, proceed to Option B.
B. Remove and Re-add the Service Principal
- Go to Entra Admin Center → Enterprise Applications → App: Nexetic Backup (Application ID: facd4a2d-cbd2-4095-bfa8-ac9c819f843e) → Properties
- Click Delete to remove the app and revoke all admin consent.
- Re-add the app via the app gallery or registration.
- When prompted, select Consent on behalf of your organization to apply tenant-wide access.
➡️ This action removes all user assignments. You'll need to reassign users afterward.
⚠️Note: By default, only Global Admins and Privileged Role Admins have access to Entra ID backup. To enable access for other users, permissions must also be granted through Nexetic’s Role-Based Access Control - this means upgrading their role from No Access to Full Access within the Nexetic system. Please refer to the instructions here.