Are you sure you set the right perms for the app?
Looking at the SN documentation, application perms for the tasks that modify objects are prob needed, so the delegated permissions the user has shouldn't come into play: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/administer/integrationhub/concept/microsoft-azure-ad-spoke.html
MS Graph and Privilege escalation
We are in the process of implementing an integration between Service Now and Azure AD using the Azure Spoke integration in Service Now. The target AD, however, is under Premium P2 using PIM.
Have implemented the app in AD and assigned API permissions as per the Service Now documentation but have found that the integration really only works if the user executing the process from Service Now already has elevated privileges under PIM, otherwise the integration fails with "forbidden action" being returned from Graph.
Seeking some guidance on what is the best way to carry out this integration with Graph when PIM is in the picture: are additional permissions required in the Azure app registration, or can privilege elevation be done through a Graph call? Ideally, we want to avoid having to register the Service Now users under PIM.
Any guidance would be appreciated, thanks in advance.
1 answer
Andy David - MVP 141.5K Reputation points MVP
2022-06-16T11:25:08.09+00:00
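An added troubleshooting example, not part of the thread or of the ServiceNow documentation: a Python check that tells whether a Graph access token is delegated or app-only, which is the distinction the answer raises. It assumes the Microsoft identity platform convention that delegated permissions appear in the `scp` claim and application permissions in the `roles` claim; the sample tokens, user name and permission lists are constructed for the demo.

```python
import base64
import json

def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. No signature check: diagnostic use only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify_graph_token(token: str) -> dict:
    """Report whether a Graph access token is delegated or app-only."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()  # delegated permissions, space separated
    roles = claims.get("roles", [])         # application permissions
    if scopes:
        kind = "delegated"   # the signed-in user's own privileges still apply
    elif roles:
        kind = "app-only"    # no user in the token; only the app's grants apply
    else:
        kind = "no-graph-permissions"
    return {"kind": kind, "permissions": scopes or roles,
            "user": claims.get("upn") or claims.get("preferred_username")}

def _make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed samples: one token of each kind.
DELEGATED_SAMPLE = _make_sample({"aud": "https://graph.microsoft.com",
    "scp": "User.Read Group.ReadWrite.All", "upn": "agent@example.com"})
APP_ONLY_SAMPLE = _make_sample({"aud": "https://graph.microsoft.com",
    "roles": ["User.ReadWrite.All", "Group.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED_SAMPLE), ("app-only", APP_ONLY_SAMPLE)):
        print(name, classify_graph_token(tok))
```

A result of `delegated` for the token the integration sends would match the symptom in the question, where the call succeeds only when the executing user already holds an elevated role.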