Help with Flow Designer: Automating Microsoft Entra ID (Azure) MFA Reset via Graph API

SS1510
Tera Expert
Hi,

I am developing an automated MFA reset process using Flow Designer and a Custom Action with the Microsoft Graph API. The goal is to allow users to request an MFA reset via the Service Catalog, which then triggers a flow to delete their existing MFA methods in Entra ID, forcing a re-registration.
Current Setup:
  1. Custom Action: Uses a REST step to GET v1.0/users/{userEmail}/authentication/methods.
  2. Script Step: Parses the JSON response into an Array.String of IDs.
  3. Flow Logic: Uses a For Each loop to iterate through the IDs.
  4. Delete Step: A second REST call to DELETE v1.0/users/{userEmail}/authentication/methods/{methodId}.

The Issue:
I am consistently receiving a 403 Forbidden (accessDenied) error during the test run, even after refreshing the OAuth token.

Is there anyone who has worked on the same requirement?
Any advice on the flow logic or the Azure permission side would be greatly appreciated!

 

 
 



1 REPLY

Tanushree Maiti
Tera Patron

Hi @SS1510 

 

A 403 Forbidden (accessDenied) error encountered while deleting Entra ID MFA methods is usually caused by insufficient Microsoft Graph API permissions.

 

Check with the Azure team for the required permission. I do not think the Azure team will allow deleting the method from their end, as it is a kind of highest privilege. Still, please check with them.

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
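
One way to check the permission side of the 403 discussed in this thread, as an added example that is not code from either poster: decode the access token's claims and see whether it carries `UserAuthenticationMethod.ReadWrite.All`, the Microsoft Graph permission for writing a user's authentication methods. It is written for Node.js, assumes the token is a JWT with `roles` (application) or `scp` (delegated) claims, and uses constructed sample tokens; the function names are hypothetical.

```javascript
// Added example (Node.js). Token layout assumed: JWT with `roles` / `scp` claims.
const REQUIRED = "UserAuthenticationMethod.ReadWrite.All";

// Decode the payload (middle segment) of a JWT. The signature is NOT verified:
// this is for diagnosing your own token, not for making trust decisions.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 segments");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report which permissions the token carries and whether `required` is among them.
function checkGraphPermission(token, required = REQUIRED) {
  const claims = decodeJwtPayload(token);
  // `roles` holds application permissions (client-credentials flow).
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  // `scp` holds delegated permissions as one space-separated string.
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  const kind = roles.length ? "application" : scopes.length ? "delegated" : "none";
  const present = roles.concat(scopes);
  return { kind, present, granted: present.includes(required) };
}

// Build an unsigned sample token (constructed data, not a real credential).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(payload), "constructed"].join(".");
}

// Constructed samples: a read-only app token, a read/write app token, a delegated token.
const READ_ONLY = makeSampleToken({ roles: ["User.Read.All", "UserAuthenticationMethod.Read.All"] });
const READ_WRITE = makeSampleToken({ roles: ["UserAuthenticationMethod.ReadWrite.All"] });
const DELEGATED = makeSampleToken({ scp: "User.Read UserAuthenticationMethod.ReadWrite.All" });

for (const [name, tok] of [["read-only", READ_ONLY], ["read-write", READ_WRITE], ["delegated", DELEGATED]]) {
  const r = checkGraphPermission(tok);
  console.log(`${name}: kind=${r.kind} granted=${r.granted} present=${r.present.join(",")}`);
}
```

A token that lists only the `Read.All` variant can list a user's methods but will be refused when it tries to delete one.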