cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
HayleyECC
Frequent Visitor

Authentication error when running 'Add user to Group' and 'Remove member from Group'

I have built a flow which extracts 'Action', 'User' and 'Group' variables from an incoming email to inform the 'Add user to Group' or 'Remove member from Group' step (depending on the 'Action' variable).  However, when I run the flow, it fails at the AAD step with the following error:

{
"error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "9a3f88eb-c7a8-47ee-82b2-216502273f58",
      "date": "2019-11-07T13:59:47"
    }
  }
}

If we give the service account admin rights it will be subject to MFA, is there any way around that?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Hello @HayleyECC 

Is the Connection you are using for that action "Add user to AAD group" a owner for that group?

 

The connection you are using for that action must be a owner in that AD group.

 

Thanks, hope this helps!

 

-Josh


Did I answer your question? Mark my post as a solution!

If you like my post please hit the Thumbs Up


Proud to be a Flownaut!


Check out my blog for Power Automate tips,
tricks, and guides
FlowAltDelete





View solution in original post

5 REPLIES 5
Pstork1
Dual Super User III
Dual Super User III

Since Admin rights are required to perform those actions there is no way to get around having admin rights for that connection.  However the MFA should only hit when you first run the Flow.  Once the connection is established I don't think you will get re-prompted for MFA.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Thank you - will give it a try! 🙂

 The service account now has the 'User Management Administrator' role and is registered for MFA, but I'm getting the same error in the 'Add user to group' step.... any suggestions/ideas appreciated.  Thanks.

Hello @HayleyECC 

Is the Connection you are using for that action "Add user to AAD group" a owner for that group?

 

The connection you are using for that action must be a owner in that AD group.

 

Thanks, hope this helps!

 

-Josh


Did I answer your question? Mark my post as a solution!

If you like my post please hit the Thumbs Up


Proud to be a Flownaut!


Check out my blog for Power Automate tips,
tricks, and guides
FlowAltDelete





View solution in original post

HayleyECC
Frequent Visitor

That's sorted it - thank you!

Helpful resources

Announcements
2022 Release Wave 1 760x460.png

2022 Release Wave 1 Plan

Power Platform release plan for the 2022 release wave 1 describes all new features releasing from April 2022 through September 2022.

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

User Group Leader Meeting January 768x460.png

Calling all User Group Leaders!

Don't miss the User Group Leader meetings on January, 24th & 25th, 2022.

Top Solution Authors
Top Kudoed Authors
Users online (2,668)