Error AADSTS7000113 when granting admin consent for AAD Graph API permission

Joeri 1 Reputation point
2021-08-06T07:30:39.233+00:00

We automated the configuring of the API graph permissions for Service principals. In the script we are setting Microsoft graph API permissions as wel as Azure Active Directory graph permission and granting Admin consent on the permissions.

We managed to grant Admin Consent for the Microsoft Graph API permissions.

Granting Admin consent for the Azure Active Directory graph permission throws an error:

"AADSTS7000113: Application '74658136-14ec-4630-ad9b-26e160ff0fc6' is not authorized to make application on-behalf-of calls.

The SPN under which the automated script runs, is Global Administrator and Priviliged Role Administrator

Please help.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,839 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,566 Reputation points
    2021-08-09T10:16:49.21+00:00

    Hello @Joeri ,

    Thanks for reaching out.

    This is limited by design, you cannot use a service principal sign-in to Grant Admin consent for permissions in Microsoft Graph/Azure Active Directory graph to other service principals. Instead, you need to use user identity to granting Admin consent for Service principals

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments