Free Tool · Entra ID

Consentra

OAuth2 Consent Analyzer for Microsoft Entra ID. Identify risky delegated permissions, unknown third-party apps, and stale consents across your tenant.

Risk ClassificationCritical / Elevated / Low scope impact per app
Vendor DetectionMicrosoft · 3rd Party · Home Tenant identification
Stale App DetectionEntra ID recommendation engine integration
Per-User Consent LinksDirect Azure portal links to remove individual assignments
PS Revoke CommandsOne-click copy of Remove-MgOauth2PermissionGrant
ExportSelf-contained interactive HTML report + CSV export
Generate Report

How it works

01
OAuth2 Delegated Auth Clicking the button redirects you to Microsoft login. You authenticate with your Entra ID account — Consentra never sees your password or credentials.
02
Read-Only Graph Access After sign-in, Microsoft issues a short-lived access token scoped to Directory.Read.All and Application.Read.All. No write permissions are requested.
03
Everything stays in your browser All Graph API calls are made directly from your browser. Tenant data, tokens, and the generated report never touch any whennotif.io server — the report is built client-side as a Blob URL.
04
No persistence The access token lives only for the duration of the browser session. Closing the tab discards everything. No data is logged, stored, or transmitted anywhere.