Administrator consent is βout of rangeβ from your normal authentication flow. To do this, you first need administrator authentication by going to:
https://login.microsoftonline.com/common/adminconsent?<yours params> .
You can specify this link in your application. Usually, you first try to authenticate and submit them using the "Consent to use the protocol" parameter, in which the process fails.
Once the administrator agrees, users will be able to use OAUTH for authentication through a standard endpoint:
https://login.microsoftonline.com/common/oauth2/authorize?<your params>