Permission Issue on Azure

Which IIQ version are you inquiring about?

Identityiq 8.3p2

Share all details about your problem, including any error messages you may have received.

Hello All,
We tried creating guest user account from sailpoint, but we are this below error, we have provided “Guest Inviter” and “User Administrator” Roles and tested.

sailpoint.connector.ConnectorException: Exception occurred. Error message - HTTP not ended OK. Response Code - 401 Error - Insufficient privileges to perform requested operation by the application ‘00000003-0000-0000-c000-000000000000’. ControllerName=MSGraphInviteAPI, ActionName=CreateInvite, URL absolute path=/api/4d55f0a0-4538-56f1-2c3f-a124fa562cbd/invites

Is there any other permission we need to provide or anything else we need to configure for this in Azure Tenant, Please help on this.

Thank you.

Check Required API Permissions in Azure AD : grant permissions

• User.ReadWrite.All
• Directory.ReadWrite.All
• Directory.AccessAsUser.All

RoleManagement.ReadWrite

User.Invite.All

User.Read

User.Read.All

User.ReadWrite.All

We have assigned this permissions in our tenant

permissions like User.Invite.All and User.ReadWrite.All usually require Admin Consen

Yeah it has been given, so if we give directory permissions that you mentioned the issue still get resolved right?

yes dharshini
let us have a try

Thank you for the reply, will try this.

Hi @Chaithu9110 ,

Seems like Directory permissions are high level permission, but we want only for guest users creation why should we provide these permissions?.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.