This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 88%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
We are in the process if implementing an integration between Service Now and Azure AD using the Azure Spoke integration in Service now. The target AD however is under Premium P2 using PIM.
Have implemented the app in AD and assigned API permissions as per the Service Now documentation but have found that the integration really only works if the user executing the process from service now already has elevated privileges under PIM, otherwise the integration fails with "forbidden action" being returned from Graph.
Seeking some guidance on what is the best way to carry out this integration with Graph when PIM is in the picture .. are additional permissions required in the Azure app registration or can privilege elevation be done on through a Graph call. Ideally, we want to avoid having to register the service now users under PIM.
Any guidance would be appreciated, thanks in advance.
Are you sure you set the right perms for the app?
Looking at the SN documentation, application perms for the tasks that modify objects are prob needed so the delegated permissions the user has shouldnt come into play:https://docs.servicenow.com/bundle/rome-servicenow-platform/page/administer/integrationhub/concept/microsoft-azure-ad-spoke.html
Thanks for the reply. yes I have checked the app permissions and they are set as per the documentation but I am still receiving the same error. This occurs when the flow is set to run as either the system user or logged in user in Service Now.