'The user is not authorized to access this resource' error in Azure resetPassword

Erika Papp (Winformatics) 25 Reputation points
2023-07-14T07:50:40.1733333+00:00

Hi,

I would like to reset a user password using Power Automate Flow, but I get an error.

First step: Get the token: https://login.microsoftonline.com/{id}/oauth2/v2.0/token

Second step: Get the method: https://graph.microsoft.com/beta/users/{userprincipal}/authentication/passwordMethods

Third step: Reset Password: https://graph.microsoft.com/v1.0/users/{userprincipal}/authentication/passwordMethods/{id}/resetPassword

I always get the following error when I call resetPassword:

"code": "accessDenied",
"message": "The user is not authorized to access this resource.",

I have the following API permissions in the App registration:

User's image

The user logged in to Power Automate has the following rights:

User's image

Thank you.


2 answers

  1. Shweta Mathur 29,746 Reputation points Microsoft Employee
    2023-07-17T09:55:58.1633333+00:00

    Hi @Erika Papp (Winformatics) ,

    Thanks for reaching out.

    Are you trying to reset the password of your own account? A user is not allowed to reset the password of his own account.

    User's image

    You would require the UserAuthenticationMethod.ReadWrite.All delegated permission to call this API. As per your screenshot, the permission is added. Could you please decode the token using jwt.ms to check whether you have this permission in your access token too?

    You can get the authentication method id using https://graph.microsoft.com/beta/users/{userprincipal}/authentication/passwordMethods

    User's image

    Then you can use the id you get in the response to reset the password.

    User's image

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.

    1 person found this answer helpful.
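
The token check suggested in the answer above can also be done locally instead of pasting the token into a website. This is an added example, not part of the original thread: the function names and sample tokens are constructed for illustration, and it relies on Microsoft identity platform access tokens carrying delegated permissions in the `scp` claim (space-separated string) and application permissions in the `roles` claim (array).

```python
import base64
import json

REQUIRED = "UserAuthenticationMethod.ReadWrite.All"  # permission named in the answer above


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT.
    The signature is NOT verified: this is for inspecting your own token,
    never for making authorization decisions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def permission_context(token: str, permission: str = REQUIRED) -> str:
    """Report how the permission appears in the token:
    'delegated' (scp claim), 'application' (roles claim) or 'missing'."""
    claims = token_claims(token)
    if permission in claims.get("scp", "").split():
        return "delegated"
    if permission in claims.get("roles", []):
        return "application"
    return "missing"


def make_sample_token(payload: dict) -> str:
    """Build a constructed, unsigned sample token (hypothetical helper for the demo)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


if __name__ == "__main__":
    # Constructed sample tokens, not real ones.
    delegated = make_sample_token({"scp": f"User.Read {REQUIRED}"})
    app_only = make_sample_token({"roles": [REQUIRED]})
    no_perm = make_sample_token({"scp": "User.Read"})
    for name, tok in (("delegated", delegated), ("app-only", app_only), ("none", no_perm)):
        print(f"{name:10s} -> {permission_context(tok)}")
```

A result of `application` or `missing` means the token does not carry the delegated permission the answer says this API requires, even when the permission is listed on the app registration.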

  2. CarlZhao-MSFT 41,941 Reputation points
    2023-07-18T09:57:14.73+00:00

    Hi @Erika Papp (Winformatics)

    • Make sure the target user is not a federated user, since federated users don't have credentials in your tenant and should change their passwords in their home tenant.
    • If you are changing the password of a global administrator user in an application-only context, your application service principal must also be a global administrator.

    After the above two points are met, you will be able to call the /Update user API endpoint to change the password of the target user:

    User's image

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.
