I’ve setup the Microsoft Entra (SaaS) Connector with an Entra app registration having an active assignment to the Global Administrator role. Yet when trying to create an account, it fails with the not-so-specific error [ConnectorError] Error occurred in create user: Response Code - 403 Error - Insufficient privileges to complete the operation. The connector doc doesn’t say what Entra permissions are required, but the Global Administrator role gives full permissions across Entra. Any idea what operation the error was trying when it reported insufficient privileges, or what privileges the connector should have? Has anybody successfully created new accounts with the connector?
Hi Thad,
Check this one
Have you tried after removing all the risk related attributes from account schema?
By chance is this a hybrid AD/Entra setup where accounts are sync’d from your on-prem AD? If so that might have something to do with it, but IDK a ton about how that all works.
Hi Mark, thanks for your input. We normally have new users (employees) created in on-prem AD and sync’d to Entra. However, in this case I am trying to create an arbitrary new user directly in Entra.
Thank you for that tip, Kamil. It looks like the documentation is for the Azure Active Directory connector only with AAD’s new name Entra ID. The documentation involves setting up IQService, which is not part of the Entra connector. In any case, the list of app registration permissions required is helpful.
Yes, thank you Abhinav.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.