This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have tried graph api https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests
however Admin Add is working with Client credentails flow,
I want the UserADD requestType to be performed so that approval process should go as usual and this needs to be executed on hehalf using a service prinicpal or so.
Can any one help here.
This is my request body
{
"requestType": "UserAdd",
"accessPackageAssignment":{
"targetId":"",
"assignmentPolicyId":"",
"accessPackageId":""
},
"justification":""
}
I am getting error when i try to go in that direction,
{
"error": {
"code": "",
"message": "[{\"Code\":\"PolicyOnBehalfCheckFailed\",\"Detail\":\"Policy with this request does not allow the requested target.\"}]",
"innerError": {
"date": "2021-07-07T11:54:09",
"request-id": "",
"client-request-id": ""
}
}
}
If you are using the same policyId it wont work, as you cannot have the same policy configured for both user assignments and admin assignments. You'll need to create a new policy for the same Access package with the corresponding setting.
Different policy means , i have configured the users not in directory and users in directory.
I have tried both of them , still onbehalf is failed with "UserAdd" action
Need some pointers around this...
I am trying with App - Client crentials flow for the same action.