Roles required for User provisioning from Azure AD

Magesh Babu1
Tera Contributor

Hi Team

I have a requirement to integrate Azure AD with ServiceNow for SSO and automatic user provisioning. As per the Microsoft article, the integration ID should have the admin role. It is not safe to provide the admin role; could you please let me know how this can be done without the admin role to create/update user records from Azure AD?

When I just tried with SOAP roles with an ACL added to the sys_user table, Azure throws an error: Insufficient privilege to create user record.

Error code: ServiceNowInsufficientRights

Error message: com.glide.processors.soap.SOAPProcessingException: Insufficient rights for creating new records

Reference article 

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/servicenow-provisioning-tutorial

With Regards 

Magesh

11 REPLIES

Community Alums
Not applicable

Hi @Magesh Babu ,

It's the "Admin" role only!!

I understand where you are coming from on this, that it is not safe to provide the admin role, but ideally all organizations have a dedicated team that is responsible for user provisioning, and they do have the admin role, so by that you will know who is responsible for anything that goes wrong.

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

@Sandeep Dutta Thanks Sandeep for the prompt response.

The article that I shared is from Microsoft. Is there any article from ServiceNow that says the admin role is required for Azure AD to SN user provisioning?

Regards

Magesh

Yousaf
Giga Sage

Hi Magesh,

Description

Microsoft now offers Microsoft Azure integration to ServiceNow. However, although it is not a ServiceNow product, assistance on the integration sometimes is required.

Note: Microsoft Azure is not a ServiceNow product. For support, please contact Microsoft Customer Support.


Reference : Azure active directory integration with ServiceNow and Auto account provisioning from ServiceNow/Azu...

 

Mark Correct or Helpful if it helps.



Hi Yousaf

Seems you did not understand my question and support help.

Yes, it is from Microsoft; I am looking for NOW support to get a solution to avoid giving the admin role.

Regards

Magesh