UserAdd onbehalf permission graphAPI accessPackageAssignmentRequests

Prasuna kakani 6 Reputation points

I have tried the Graph API.

However, Admin Add is working with the client credentials flow.
I want the UserAdd requestType to be performed so that the approval process goes as usual, and this needs to be executed on behalf using a service principal or so.
Can anyone help here?

This is my request body

"requestType": "UserAdd",

I am getting an error when I try to go in that direction:

"error": {
"code": "",
"message": "[{\"Code\":\"PolicyOnBehalfCheckFailed\",\"Detail\":\"Policy with this request does not allow the requested target.\"}]",
"innerError": {
"date": "2021-07-07T11:54:09",
"request-id": "",
"client-request-id": ""

Microsoft Graph Identity API
Azure Active Directory Privileged Identity Management

1 answer

  1. Vasil Michev 66,601 Reputation points MVP

    If you are using the same policyId it won't work, as you cannot have the same policy configured for both user assignments and admin assignments. You'll need to create a new policy for the same Access package with the corresponding setting.
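
For automation that submits these requests, the failure reason has to be dug out of the response: the outer `code` is empty and the real code is a JSON array encoded inside `message`. The decoder below is an added example, not code from the question or the answer; the sample body is constructed from the error shown in the question, and the hint text paraphrases the answer.

```python
import json

# Constructed sample: the error response from the question, with the closing
# braces restored so it parses; the blank ids are left blank.
SAMPLE_ERROR_BODY = r'''
{"error": {
  "code": "",
  "message": "[{\"Code\":\"PolicyOnBehalfCheckFailed\",\"Detail\":\"Policy with this request does not allow the requested target.\"}]",
  "innerError": {"date": "2021-07-07T11:54:09", "request-id": "", "client-request-id": ""}
}}
'''

# Hint text paraphrases the answer on this page; extend as needed.
HINTS = {
    "PolicyOnBehalfCheckFailed": (
        "policy rejects this request type for the target; request against "
        "a separate policy on the same access package"
    ),
}


def policy_check_failures(body_text):
    """Return [(code, detail), ...] from an error response body.

    In this response the outer error.code is empty and the real code sits in
    error.message, which is itself a JSON-encoded array of objects.
    """
    error = json.loads(body_text).get("error", {})
    message = error.get("message", "")
    try:
        inner = json.loads(message)
    except (TypeError, ValueError):
        inner = None  # message is plain text, not nested JSON
    if isinstance(inner, dict):
        inner = [inner]
    if not isinstance(inner, list):
        return [(error.get("code", ""), message)]
    return [(i.get("Code", ""), i.get("Detail", ""))
            for i in inner if isinstance(i, dict)]


def explain(body_text):
    """One log-friendly line per failure, with a hint where one is known."""
    return [f"{code}: {detail} [{HINTS.get(code, 'no hint')}]"
            for code, detail in policy_check_failures(body_text)]


if __name__ == "__main__":
    for line in explain(SAMPLE_ERROR_BODY):
        print(line)
```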