This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 84%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Hello, I am trying to create a group using the graph api, with an app registration. I've already given an consent all the privileges, but still got the message:
"One or more errors occurred. (Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation. "
Any ideas?
Hi @Gabriel Susin Dall'igna your token does not have permission.
Make sure you've obtained a fresh access token after granting the permissions. You can check the corresponding claims by decrypting the token (jwt.ms site or similar).
Hello, thank you for you answer, I've just tried it here, but still got the same result. The needed permission is for creating groups.
Here is the picture of my API Permissions tab:
Check the actual token. If you need help doing that read here: https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens
I've checked the token, and it has all the permissions that Microsoft say it's needed.
@Gabriel Susin Dall'igna
Thank you for your post!
When it comes to your error message, Insufficient privileges to complete the operation, can you try adding the Delegated permissions (Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All) to see if that resolves your issue? Additionally, you can try running the Create Group API via Graph Explorer to see if that helps too.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
@JamesTran-MSFT Hello James, I've tried adding the delegated permissions but i didn't work either. Using the Graph Explorer, it works when I'm using my user, but in my program I'm using a application authentication. I've seen some Microsoft posts about group creation, and they said that the Teams permissions are needed too, but it also didn't fix my problem. I've tried creating a new enterprise application in Azure, just in case, but nothing. I'm running out of ideas, and that's the final detail for the end of a project, if there's anything else I didn't try, please point it out. Thank you very much for your help.
@Gabriel Susin Dall'igna
Thank you for following up with this!
Based off your screenshot to @Vasil Michev , it looks like you have the correct permissions within your App Registration. However, when walking through this myself using Postman, and an App-only Access Token to create a group, I didn't run into any issues. Can you follow the below steps to see if it helps resolve your issue.
Get App-Only Access Token:
POST https://login.microsoftonline.com/{TenantID}}/oauth2/v2.0/token
Check your Access Token permissions:
Using https://jwt.ms/ Copy & Paste your Access Token and check to see if you have the correct roles:
"roles": [
"Directory.ReadWrite.All",
"Group.Create",
"Group.ReadWrite.All"
],
Create a Group:
Create a Header Key for your Access Token, as needed
POST https://graph.microsoft.com/v1.0/groups
Content-type: application/json
{
"description": "Self help community for library",
"displayName": "Library Assist",
"groupTypes": [
"Unified"
],
"mailEnabled": true,
"mailNickname": "library",
"securityEnabled": false
}
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Hello, after trying all that you said, it was clear that the error wasn't in the permissions. I'm using the api on C#, and trying to create the group with a custom ProxyAddress, after some test and research, it appears not to be possible, even tho when using the graph explorer I can create with the proxyAddresses parameter.
If any of you know of a way to create a group with that value, or even change it after it's created, please let me know. Thank you for your help!
@Gabriel Susin Dall'igna
I'm glad that you were able to resolve your issue and thank you for following up on this!