Azure AD Spoke - Add user to Group action is not working

saranyavs
Tera Expert

Hi Team,

We have set up the Azure AD connection, and the 'Look Up user' and 'Lookup group' actions are working fine, but we are getting the below error when testing the 'Add user to Group' action.

=====================================

{"Action Status": {
"code": 1,
"message": "Error: Forbidden Request. Please Check Oauth Token and scope permission. (Process Automation.b88d792d1bb1b510fb427c95464bcb7c; line 6)"
}}

=====================================

For the SPN, we had given the below permissions at both delegate and application level.

[Image: saranyavs_0-1696931675764.png]

Please help to resolve the issue. Is any other access required?

 

Regards,

Saranya VS

5 REPLIES

Hi @AtharvJoshi ,

After doing a thorough analysis, I found that the issue I faced was due to the expiry of the access token. Usually the "access token" is valid for 1 hour and has to be regenerated every hour before it expires.

Go to the table "oauth_credential" and filter with "Name=Microsoft Entra ID Spoke OAuth". There should be 2 records with Type as "Access Token" & "Refresh Token" respectively. Check the "Expires" column and make sure that both are active and not expired.

I followed the below-mentioned article to auto-generate the access token every hour to overcome the issue:

https://www.servicenow.com/community/developer-articles/auto-refresh-oauth-access-token/ta-p/3054522

 

Feel free to get back if you have any further questions.

 

Please mark the answer as Helpful if this solution solves your issue!

 

~Jithendra.
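
The error in this thread names two things to check, the OAuth token and its scope permission. The following is an added example, not code from the thread or from ServiceNow, that decodes an access token and reports both its expiry and any permissions it lacks. It assumes the token is a JWT whose value you already hold; the sample tokens are constructed, and the permission name passed in (`GroupMember.ReadWrite.All`) is an assumption about what the action needs, not something stated in the thread.

```javascript
// Added example: triage an OAuth access token (JWT) for expiry and granted permissions.
// It only decodes the payload; the signature is NOT verified, so use it for diagnosis only.

function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns { expired, secondsLeft, granted, missing } for one token.
// `required` lists the permissions the caller expects (assumption: supplied by you).
function inspectToken(jwt, required, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT (expected 3 dot-separated parts)');
  const claims = b64urlJson(parts[1]);
  if (typeof claims.exp !== 'number') throw new Error('token has no numeric exp claim');
  // Delegated tokens carry scopes in "scp" (space separated); app-only tokens use "roles" (array).
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const granted = [...new Set([...scopes, ...roles])];
  return {
    expired: nowSec >= claims.exp,
    secondsLeft: claims.exp - nowSec,
    granted,
    missing: required.filter((p) => !granted.includes(p)),
  };
}

// Builds a constructed sample token with a dummy signature (hypothetical helper).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}

// Constructed samples: one expired delegated token, one valid app-only token.
const NOW = 1700000000;
const sampleExpired = makeSampleToken({ exp: NOW - 60, scp: 'User.Read.All Group.Read.All' });
const sampleAppOnly = makeSampleToken({
  exp: NOW + 3600,
  roles: ['User.Read.All', 'GroupMember.ReadWrite.All'],
});

console.log(inspectToken(sampleExpired, ['GroupMember.ReadWrite.All'], NOW));
console.log(inspectToken(sampleAppOnly, ['GroupMember.ReadWrite.All'], NOW));
```
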