403 Error with Microsoft Entra SaaS Connector – Works with VA-Based Azure AD Connector

shubhamsingh4 · September 15, 2025, 7:02pm

Hi Team,

I’m encountering a 403 error when using the Microsoft Entra SaaS connector in SailPoint Identity Security Cloud. Interestingly, the same configuration works perfectly when using the VA-based Azure Active Directory connector.

Environment Details:

Connector Type: Microsoft Entra (SaaS)
Authentication: Client Credentials (Client ID & Secret)
Role Assigned: Global Administrator
VA-Based Connector Status: Successful connection and operations
SaaS Connector Status: Fails with 403 error

Carlatto · September 15, 2025, 8:05pm

Are you using the same client credentials between the VA and SAAS sources? If they are the same, do you have any Conditional Access Policies?

Perhaps a Conditional Access Policy that blocks Graph access from unknown IPs? Or from non-company machines?

Topic		Replies	Views
Microsoft Entra ID (SaaS) Connector giving error ISC Discussion and Questions identity-security-cloud , connectors	18	302	April 7, 2025
Source Entra SaaS vs Azure AD with VA - One in Success and One in Error ISC Discussion and Questions identity-security-cloud , connectors	3	50	June 27, 2025
Microsoft SaaS Entra ID connector ISC Discussion and Questions saas-connector , identity-security-cloud , provisioning	4	42	August 13, 2025
ISC - Blocked by HTTP 403 – Need Help Troubleshooting Dynamics 365 F&O SaaS Test Connection Error ISC Discussion and Questions saas-connector , identity-security-cloud , connectors	1	44	September 2, 2025
Azure Entra ID connector ends aggregation with 403 error ISC Discussion and Questions aggregation , identity-security-cloud , provisioning , connectors	3	103	December 1, 2024

403 Error with Microsoft Entra SaaS Connector – Works with VA-Based Azure AD Connector

Environment Details:

Related topics