Microsoft Azure AD-Error adding user to group-Method failed: 403 - Forbidden username/password combo

Rahul Singh6
Tera Contributor

Hi,

 

I am trying to add an existing user to an existing Azure AD group using their respective IDs via flow action "Add User To Group".  Though the user and group exist (and the user is created by another action which means it is not an authentication issue), I can't add this newly created user to the group and get the following error.

----------------------

Error Message - 'Method failed: (/v1.0/groups/<Azure AD Group ID>/members/$ref) with code: 403 - Forbidden username/password combo'

---------------------

The error description matches SN KBA https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0823811. However, I find that some context is missing from the KBA and I am unable to make the suggested resolution work for me.

 

Seeking suggestions/fix to this issue.

 

Thanks.

 

9 REPLIES

Santvana Vaid
Tera Contributor

Hello @Rahul Singh6,

I am experiencing the same issue. Were you able to resolve it? Any assistance you can provide would be highly appreciated. Thank you!

Community Alums
Not applicable

@Santvana Vaid

 

Hello Santvana, this error is received due to inadequate permissions on the Azure side of the connection.

Please ensure that the app registration API permissions within Azure, e.g. Directory.ReadAll etc., are added with type = Application to allow this application (ServiceNow) to use Azure resources.

 

Please also ensure that in ServiceNow the Microsoft Azure AD Profile has "Grant Type = Client Credentials".

 

This is how it worked for me! Good luck 🙂

 

Thank you for your response @Community Alums. However, we have delegated permissions granted, so the grant type is authorization code, and we have added all the said permissions as per the ServiceNow document:

https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub/concept/microsoft-azure-ad-spoke.html.

But we are still getting the same error as mentioned.

Santvana Vaid
Tera Contributor

Hello,

I was able to add the user to the group with delegated permissions. The fix was to add some role; in my case I added the "Group Administrator" role to the calling user and it worked. Since we are using delegated permissions, it won't work unless you add some role to the calling/integration user.

Hope this solution helps others.
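
The replies above come down to whether the access token is application-type or delegated, and what it actually carries. As an added example (not part of any reply, and not ServiceNow or Microsoft code), this sketch decodes a token's claims and reports the likely cause of the 403. The function names and sample tokens are constructed; the permission names are the ones Microsoft Graph documents for adding group members.

```python
import base64
import json

# Graph permissions that authorize POST /v1.0/groups/{id}/members/$ref
MEMBER_WRITE = {"GroupMember.ReadWrite.All", "Group.ReadWrite.All",
                "Directory.ReadWrite.All"}

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token):
    """Classify the token and list likely reasons for the 403."""
    claims = jwt_claims(token)
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    roles = set(claims.get("roles", []))         # application permissions
    kind = "delegated" if scopes else "application"
    granted = sorted((scopes if scopes else roles) & MEMBER_WRITE)
    findings = []
    if not granted:
        findings.append("no %s permission that allows member writes" % kind)
    if kind == "delegated" and not claims.get("wids"):
        # Hint only: with delegated access the signed-in user's own rights
        # also apply; "wids" lists that user's directory roles when emitted.
        findings.append("signed-in user carries no directory role (wids)")
    return {"kind": kind, "granted": granted, "findings": findings}

def sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    return "e30." + body.decode() + ".sig"

if __name__ == "__main__":
    delegated = sample_token({"scp": "User.Read Group.Read.All"})
    app_only = sample_token({"roles": ["GroupMember.ReadWrite.All"]})
    for name, tok in (("delegated", delegated), ("app-only", app_only)):
        print(name, diagnose(tok))
```

Treat the decoded token as a secret while inspecting it, and prefer running a check like this on a test tenant's token.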