I'm trying to use the Sample Graph API app to change a user's password but I'm getting:
Error Calling the Graph API Response:
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
Graph API Request:
PATCH /mytenant.onmicrosoft.com/users/some-guid?api-version=1.6 HTTP/1.1
client-request-id: ffd564d3-d716-480f-a66c-07b02b0e32ab
date-time-utc: 2017.08.10 03:04 PM
JSON File
{
"passwordProfile": {
"password": "Somepassword1$",
"forceChangePasswordNextLogin": false
}
}
I've tested updating the user's displayName
and that works fine.
{
"displayName": "Joe Consumer"
}
AD Application Permissions
I've configured my app permissions as described here.
Try below settings, works for me.
Used the below JSON
Also make sure you assign the application the user account, administrator role which will allow it to delete users link here
Check out this article. Seems like it has the same symptoms.
Solution 1:
If you are receiving this error when you call the API that includes only read permissions, you have to set permissions in Azure Management Portal.
Solution 2:
If you are receiving this error when you call the API that includes
delete
orreset password
operations, that is because those operations require the Admin role ofCompany Administrator
. As of now, you can only add this role via the Azure AD Powershell module.Find the service principal using Get-MsolServicePrincipal –AppPrincipalId
Use Add-MsolRoleMember to add it to
Company Administrator
roleTo connect to your B2C tenant via PowerShell you will need a local admin account. This blog post should help with that, see "The Solution" section.