UserAdd onbehalf permission graphAPI accessPackageAssignmentRequests

Prasuna kakani 6 Reputation points
2021-07-07T12:14:19.627+00:00

I have tried graph api https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests

however Admin Add is working with Client credentails flow,
I want the UserADD requestType to be performed so that approval process should go as usual and this needs to be executed on hehalf using a service prinicpal or so.
Can any one help here.

This is my request body

{
"requestType": "UserAdd",
"accessPackageAssignment":{
"targetId":"",
"assignmentPolicyId":"",
"accessPackageId":""
},
"justification":""
}

I am getting error when i try to go in that direction,

{
"error": {
"code": "",
"message": "[{\"Code\":\"PolicyOnBehalfCheckFailed\",\"Detail\":\"Policy with this request does not allow the requested target.\"}]",
"innerError": {
"date": "2021-07-07T11:54:09",
"request-id": "",
"client-request-id": ""
}
}
}

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,523 questions
Microsoft Entra
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 109.9K Reputation points MVP
    2021-07-07T12:46:27.077+00:00

    If you are using the same policyId it wont work, as you cannot have the same policy configured for both user assignments and admin assignments. You'll need to create a new policy for the same Access package with the corresponding setting.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.