Are you sure you set the right perms for the app?
Looking at the SN documentation, application perms for the tasks that modify objects are probably needed, so the delegated permissions the user has shouldn't come into play: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/administer/integrationhub/concept/microsoft-azure-ad-spoke.html
MS Graph and Privilege escalation
We are in the process of implementing an integration between ServiceNow and Azure AD using the Azure Spoke integration in ServiceNow. The target AD, however, is under Premium P2 using PIM.
Have implemented the app in AD and assigned API permissions as per the ServiceNow documentation, but have found that the integration really only works if the user executing the process from ServiceNow already has elevated privileges under PIM; otherwise the integration fails with "forbidden action" being returned from Graph.
Seeking some guidance on what is the best way to carry out this integration with Graph when PIM is in the picture: are additional permissions required in the Azure app registration, or can privilege elevation be done through a Graph call? Ideally, we want to avoid having to register the ServiceNow users under PIM.
Any guidance would be appreciated, thanks in advance.
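The answer's point, that application permissions (not the calling user's delegated permissions) are what the spoke needs for write operations, can be checked on the Graph access token itself: an app-only token carries a `roles` claim, a delegated token carries `scp` and is capped by whatever the signed-in user currently holds, which under PIM is only the roles active at that moment. The following Node.js classifier is an added example, not code from the thread or from ServiceNow's spoke; the required-permission list and the two sample tokens are constructed assumptions for illustration.

```javascript
// Added example (not from the thread): classify a Microsoft Graph access token as
// app-only ("roles" claim, client_credentials flow) or delegated ("scp" claim).
// A delegated token only works while the user's PIM assignment is active, which
// matches the intermittent 403 described in the question. Samples are CONSTRUCTED.

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Application permissions the write operations are assumed to need. Real Graph
// permission names, but the set is an assumption; the thread does not list them.
const REQUIRED_APP_ROLES = ['User.ReadWrite.All', 'Group.ReadWrite.All'];

function classifyGraphToken(token) {
  const claims = decodeJwtPayload(token);
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const appOnly = roles.length > 0 && scopes.length === 0;
  return {
    appOnly,
    flow: appOnly ? 'client_credentials' : 'delegated',
    roles,
    scopes,
    // Only app roles count here: delegated scopes never exceed the user's own rights.
    missingAppRoles: REQUIRED_APP_ROLES.filter((r) => !roles.includes(r)),
    dependsOnUserPim: !appOnly,
  };
}

// Constructed, unsigned samples (alg "none", empty signature) so the classifier
// runs offline; a real token's signature must be verified before claims are trusted.
function sampleToken(payload) {
  return `${base64UrlEncode({ alg: 'none', typ: 'JWT' })}.${base64UrlEncode(payload)}.`;
}
const APP_TOKEN = sampleToken({ aud: 'https://graph.microsoft.com',
  roles: ['User.ReadWrite.All', 'Group.ReadWrite.All'] });
const USER_TOKEN = sampleToken({ aud: 'https://graph.microsoft.com',
  scp: 'User.Read Directory.Read.All', upn: 'user@example.com' });
```

Running `classifyGraphToken` on the token the spoke actually presents to Graph tells you which flow the integration is using; `dependsOnUserPim: true` with an empty `roles` list is the configuration the answer warns about.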
Andy David - MVP, 157.8K Reputation points, MVP Volunteer Moderator, 2022-06-16T11:25:08.09+00:00