We get the 403 forbidden error when changing passwords via an application

Steve Tennant 0 Reputation points
2024-07-19T13:59:42.4+00:00

We use OpenText (formerly NetIQ) Identity Manager to create and maintain users on AzureAD/Entra, using the OpenText AzureAD Driver. It all works fine except for passwords; we get the 403 Forbidden error when we change a password and the driver stops. We have set many MS Graph API permissions on the registered application including Directory.ReadWrite.All (delegated and application) and Directory.AccessAsUser.All (delegated). The user we connect to AzureAD with is a Global Administrator, Authentication Administrator and User Administrator, which is probably overkill. Is there an alternative permission that we need? This is an example of an admin user needing to reset the permission of other users. I am not that familiar with AzureAD so please keep the advice simple.

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
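Added example (not part of the original post, and not OpenText or Microsoft code): a 403 from Graph means the access token the driver actually presented does not carry the right, regardless of what is configured on the app registration. Delegated grants end up in the token's `scp` claim and only exist when a user signs in; a client-credentials (app-only) token carries `roles` and never includes delegated grants such as Directory.AccessAsUser.All. The first check is therefore to decode the token the driver sends and look at those claims. The set of password-write permissions below is an assumption to verify against the current Graph "Update user" reference; the token payloads are constructed sample input.

```python
import base64
import json

# Graph permissions the "Update user" / password-reset references name for
# writing a user's password. ASSUMPTION for this example: verify against the
# current Microsoft Graph documentation before relying on it.
PASSWORD_WRITE_PERMISSIONS = {
    "User-PasswordProfile.ReadWrite.All",      # delegated or application; PATCH /users/{id} passwordProfile
    "Directory.AccessAsUser.All",              # delegated only
    "UserAuthenticationMethod.ReadWrite.All",  # /users/{id}/authentication/methods/{id}/resetPassword
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT without verifying the signature.

    Signature verification is Graph's job; this tool only reports what the
    token says about the caller, so never use it as an authentication check.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact-serialised token")
    return json.loads(_b64url_decode(parts[1]))


def diagnose(token: str) -> dict:
    """Summarise which Graph rights a token carries and whether a password
    write is expected to be refused with 403."""
    claims = decode_claims(token)
    # 'scp' is present only on delegated (user-signed-in) tokens; app-only
    # tokens from the client-credentials flow carry 'roles' instead.
    flow = "delegated" if "scp" in claims else "app-only"
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))
    granted = (scopes | roles) & PASSWORD_WRITE_PERMISSIONS
    return {
        "flow": flow,
        "delegated_scopes": sorted(scopes),
        "app_roles": sorted(roles),
        # 'wids' lists the signed-in user's directory role template IDs; a
        # password write also needs a sufficient role (e.g. User Administrator).
        "directory_role_ids": list(claims.get("wids", [])),
        "password_write_permissions": sorted(granted),
        "likely_403_on_password_write": not granted,
    }


def make_unsigned_test_token(payload: dict) -> str:
    """Build a JWT-shaped string with a dummy signature (constructed sample
    input for offline use; a real token is signed by Entra ID)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


# Constructed samples. The first mirrors a driver that authenticates app-only
# with Directory.ReadWrite.All granted as an application permission: none of
# the delegated grants on the registration reach this token.
APP_ONLY_TOKEN = make_unsigned_test_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Directory.ReadWrite.All", "User.ReadWrite.All"],
})

# The second mirrors a user-signed-in token for an admin account. The role ID
# is a placeholder, not a real Entra role template ID.
DELEGATED_TOKEN = make_unsigned_test_token({
    "aud": "https://graph.microsoft.com",
    "scp": "Directory.ReadWrite.All Directory.AccessAsUser.All",
    "wids": ["00000000-0000-0000-0000-000000000000"],
})


if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY_TOKEN), ("delegated", DELEGATED_TOKEN)):
        print(name, json.dumps(diagnose(tok), indent=2))
```

To use it on the real thing, capture the bearer token the driver sends (from its trace log or a proxy) and pass it to `diagnose()`. If `flow` comes back as `app-only`, the delegated grants on the registration are irrelevant to that call and only the `roles` list counts; if the password-related permission is present but Graph still returns 403, the remaining thing to check is the directory role assigned to the caller (`wids` for a user, or the role assigned to the app's service principal), since a permission in the token is necessary but not sufficient for password writes.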