cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
HayleyECC
Frequent Visitor

Authentication error when running 'Add user to Group' and 'Remove member from Group'

I have built a flow which extracts 'Action', 'User' and 'Group' variables from an incoming email to inform the 'Add user to Group' or 'Remove member from Group' step (depending on the 'Action' variable).  However, when I run the flow, it fails at the AAD step with the following error:

{
"error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "9a3f88eb-c7a8-47ee-82b2-216502273f58",
      "date": "2019-11-07T13:59:47"
    }
  }
}

If we give the service account admin rights it will be subject to MFA, is there any way around that?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Hello @HayleyECC 

Is the Connection you are using for that action "Add user to AAD group" a owner for that group?

 

The connection you are using for that action must be a owner in that AD group.

 

Thanks, hope this helps!

 

-Josh


Did I answer your question? Mark my post as a solution!

If you like my post please hit the Thumbs Up


Proud to be a Flownaut!


Check out my blog for Power Automate tips,
tricks, and guides
FlowAltDelete





View solution in original post

5 REPLIES 5
Pstork1
Dual Super User III
Dual Super User III

Since Admin rights are required to perform those actions there is no way to get around having admin rights for that connection.  However the MFA should only hit when you first run the Flow.  Once the connection is established I don't think you will get re-prompted for MFA.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Thank you - will give it a try! 🙂

 The service account now has the 'User Management Administrator' role and is registered for MFA, but I'm getting the same error in the 'Add user to group' step.... any suggestions/ideas appreciated.  Thanks.

Hello @HayleyECC 

Is the Connection you are using for that action "Add user to AAD group" a owner for that group?

 

The connection you are using for that action must be a owner in that AD group.

 

Thanks, hope this helps!

 

-Josh


Did I answer your question? Mark my post as a solution!

If you like my post please hit the Thumbs Up


Proud to be a Flownaut!


Check out my blog for Power Automate tips,
tricks, and guides
FlowAltDelete





View solution in original post

HayleyECC
Frequent Visitor

That's sorted it - thank you!

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Solution Authors
Users online (4,257)