3. Click this link once populated and authenticate the login. At this point, you may get a '404' Halo page:
Don't worry about this - the permissions should have updated correctly.
4. Delete the tenant mapping from the CSP configuration & re-import. This will ensure the tenant is imported with the most recent permissions.
5. Go to the Azure Application page for the CSP application and add the user_impersonation permission back into the application and Save.
If you have mapped all of the Customers/Tenants into HaloPSA but need to generate the link to satisfy the GDAP requirement we have a report available in the Online Repository called "GDAP Admin Consent" that can list the URLs you need to use.