![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 60%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello Soumen Nandy,
A 403 (Forbidden) error during user creation in Microsoft Entra ID indicates that the request was blocked due to insufficient privileges on the account performing the action. Entra ID allows only accounts with specific administrative roles to create or manage users.
Common roles that allow user creation include:
- User Administrator
- Global Administrator
- Privileged Role Administrator
If a user without these roles attempts to create users (via the Azure portal, PowerShell, CLI, or Microsoft Graph), the request is denied and results in a 403 error.
In this case, once the required admin role was assigned to the account, the permissions were updated and the user creation operation worked as expected. This confirms that the issue was permission-related rather than a service or configuration problem.
If everything is functioning correctly now, this can be treated as resolved.
If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.