cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
HayleyECC
Frequent Visitor

Authentication error when running 'Add user to Group' and 'Remove member from Group'

‎11-08-2019 03:11 AM

I have built a flow which extracts 'Action', 'User' and 'Group' variables from an incoming email to inform the 'Add user to Group' or 'Remove member from Group' step (depending on the 'Action' variable).  However, when I run the flow, it fails at the AAD step with the following error:

{
"error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "9a3f88eb-c7a8-47ee-82b2-216502273f58",
      "date": "2019-11-07T13:59:47"
    }
  }
}

If we give the service account admin rights it will be subject to MFA, is there any way around that?

 

Thanks.

Labels:
Message 1 of 6
705 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Jcook
Super User
Super User
In response to HayleyECC

‎11-08-2019 08:26 AM

Hello @HayleyECC 

Is the Connection you are using for that action "Add user to AAD group" a owner for that group?

 

The connection you are using for that action must be a owner in that AD group.

 

Thanks, hope this helps!

 

-Josh


Did I answer your question? Mark my post as a solution!

If you like my post please hit the Thumbs Up

Proud to be a Flownaut!


Check out my blog for Power Automate tips,
tricks, and guides
FlowAltDelete





View solution in original post

Message 5 of 6
689 Views
5 REPLIES 5
Pstork1
Dual Super User
Dual Super User

‎11-08-2019 04:34 AM

Since Admin rights are required to perform those actions there is no way to get around having admin rights for that connection.  However the MFA should only hit when you first run the Flow.  Once the connection is established I don't think you will get re-prompted for MFA.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Message 2 of 6
700 Views
HayleyECC
Frequent Visitor
In response to Pstork1

‎11-08-2019 04:47 AM

Thank you - will give it a try! 🙂

Message 3 of 6
694 Views
0 Kudos
HayleyECC
Frequent Visitor
In response to HayleyECC

‎11-08-2019 06:54 AM

 The service account now has the 'User Management Administrator' role and is registered for MFA, but I'm getting the same error in the 'Add user to group' step.... any suggestions/ideas appreciated.  Thanks.

Message 4 of 6
691 Views
0 Kudos
Jcook
Super User
Super User
In response to HayleyECC

‎11-08-2019 08:26 AM

Hello @HayleyECC 

Is the Connection you are using for that action "Add user to AAD group" a owner for that group?

 

The connection you are using for that action must be a owner in that AD group.

 

Thanks, hope this helps!

 

-Josh


Did I answer your question? Mark my post as a solution!

If you like my post please hit the Thumbs Up

Proud to be a Flownaut!


Check out my blog for Power Automate tips,
tricks, and guides
FlowAltDelete





Message 5 of 6
690 Views
HayleyECC
Frequent Visitor
In response to Jcook

‎11-12-2019 11:51 AM

That's sorted it - thank you!

Message 6 of 6
657 Views
0 Kudos

Helpful resources

Announcements
MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Microsoft Build 768x460.png

Microsoft Build is May 24-26. Have you registered yet?

Come together to explore latest innovations in code and application development—and gain insights from experts from around the world.

May UG Leader Call Carousel 768x460.png

What difference can a User Group make for you?

At the monthly call, connect with other leaders and find out how community makes your experience even better.

PA Survey Carousel Image.png

We want to hear from you!

If you are a small business ISV/Reseller, share your thoughts with our research team.

View All
Users online (1,953)