UserAdd onbehalf permission graphAPI accessPackageAssignmentRequests

Prasuna kakani 6 Reputation points

I have tried graph api

however Admin Add is working with Client credentails flow,
I want the UserADD requestType to be performed so that approval process should go as usual and this needs to be executed on hehalf using a service prinicpal or so.
Can any one help here.

This is my request body

"requestType": "UserAdd",

I am getting error when i try to go in that direction,

"error": {
"code": "",
"message": "[{\"Code\":\"PolicyOnBehalfCheckFailed\",\"Detail\":\"Policy with this request does not allow the requested target.\"}]",
"innerError": {
"date": "2021-07-07T11:54:09",
"request-id": "",
"client-request-id": ""

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,024 questions
Microsoft Entra
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 91,276 Reputation points MVP

    If you are using the same policyId it wont work, as you cannot have the same policy configured for both user assignments and admin assignments. You'll need to create a new policy for the same Access package with the corresponding setting.