Generating a TAP with the Microsoft Graph API from a SailPoint Workflow

Hi everyone,

We’re trying to generate a Temporary Access Password (TAP) for a Microsoft Entra account using the Microsoft Graph API within a SailPoint workflow. The issue arises when making the HTTP request to the API.

We’re using OAuth 2.0 for authentication, with the following details:

  • Token URL: https://login.microsoftonline.com/{{Tenant ID}}/oauth2/v2.0/token
  • Client ID and Client Secret: These credentials were configured in the Connection Settings for the Microsoft Entra source for which we want to generate the TAP.
  • API URL to generate TAP: https://graph.microsoft.com/v1.0/users/{{USER ID}}/authentication/temporaryAccessPassMethods
  • Method: POST
  • Header: The only header parameter is Content-Type: application/json.

Despite following the Microsoft Graph API documentation, we get an “Error request failed” with no further details on the cause. We’ve tried using different formats for client_id, client_secret, and scope in the request body, but still no success.

Has anyone faced a similar issue or have suggestions on what might be missing in the request? Any help would be appreciated!

Thanks!

I would scope this out in Postman first and be comfortable it is working.

Did you have a payload to send with the details above, something like

{
  "startDateTime": "2024-11-25T00:00:00.000Z",
  "lifetimeInMinutes": 60,
  "isUsableOnce": false
}

Apparently, I have solved the problem. I found this other post, "Workflow to trigger Entra ID Revoke Sessions", that explained the error, and thanks to that, I was able to get the success message.

Thanks and regards,
Antonio.
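
As an added example (not code from any post in this thread, and not SailPoint's own): the two HTTP requests described above, built with Python's standard library so they can be inspected before anything is sent. The tenant, client and user values are constructed placeholders; the `.default` scope and an app registration holding the `UserAuthenticationMethod.ReadWrite.All` application permission are assumptions about the setup.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request. The body is form-encoded, not JSON."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{GRAPH}/.default",  # assumption: app-only (application) permissions
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def build_tap_request(user_id, access_token, lifetime_minutes=60,
                      usable_once=False, start=None):
    """Graph call that creates the TAP; Graph expects the bearer token here."""
    # Documented Graph range; the tenant's TAP policy may be narrower.
    if not 10 <= lifetime_minutes <= 43200:
        raise ValueError("lifetimeInMinutes must be between 10 and 43200")
    payload = {"lifetimeInMinutes": lifetime_minutes, "isUsableOnce": usable_once}
    if start is not None:
        payload["startDateTime"] = start
    user = urllib.parse.quote(user_id, safe="@")
    url = f"{GRAPH}/v1.0/users/{user}/authentication/temporaryAccessPassMethods"
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST", headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {access_token}"})

def send(req):
    """Send a prepared request. The responses contain the access token and
    the TAP value, so treat them as secrets and keep them out of logs."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent over the network here.
    token_req = build_token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")
    tap_req = build_tap_request("USER_ID", "ACCESS_TOKEN",
                                start="2024-11-25T00:00:00.000Z")
    for req in (token_req, tap_req):
        print(req.get_method(), req.full_url, sorted(req.headers))
```
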