Whenever I try to create a user from the Azure AD spoke, I get this error: "Forbidden Request. Please Check Oauth Token and scope permission."

Roy13
Mega Contributor

Hello, 

I followed this (https://youtu.be/JOUBcINNF9g) tutorial to set up my Azure AD spoke, but whenever I try to push a user from ServiceNow to Azure AD it gives me the following error: "Forbidden Request. Please Check Oauth Token and scope permission."

 

Everything that I have created is in the Microsoft Azure AD spoke scope, and my OAuth token is also valid. Has anyone else encountered this error before?


21 REPLIES

Hi Richard,

I have created a custom field in the sys_user table (Objectid) and mapped it in the Azure portal attributes, but the objectid is still not reflected in ServiceNow.

Can you share a screenshot of the field you created on sys_user and the mapping you have put into the user provisioning configuration in Azure?

You might need to restart user provisioning in Azure to push the new attribute.

Thanks,

Richard

In Microsoft Active Directory, the User Principal Name (UPN) is a username and domain in an email address format. You can try passing the user's email from ServiceNow.

It worked for me!

Hi Richard, will you be able to add multiple users to an Azure AD group? When I try this I am able to add only one user. If I try to add multiple users it throws an error, as we are using an API to get the object ID and parsing it: "Cannot convert null to an object"

Sravani,

If you want to add multiple users to one group, you need to use the 'Add Multiple Users To Group' action within the spoke but it is limited to 20 users in a single call.

When you say you are having issues using the API to get the object ID, do you mean you are using the Graph users API to retrieve the object ID based on the UPN?

Richard
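
An added example, not part of the thread and not the spoke's own code: one way to guard the object ID parsing against a null lookup result and to split the resolved IDs into calls of at most 20 users, as the reply above describes. It assumes each lookup returns a JSON body with an `id` field; the function names, UPNs and IDs are constructed for illustration.

```javascript
'use strict';

const MAX_PER_CALL = 20; // per-call limit stated in the reply above

// Return the object ID from one lookup response body, or null if it is absent.
// Assumption: a successful lookup body is JSON carrying the object ID in "id".
function extractObjectId(body) {
  if (body === null || body === undefined || body === '') return null;
  let parsed = body;
  if (typeof body === 'string') {
    try { parsed = JSON.parse(body); } catch (e) { return null; }
  }
  // JSON.parse('null') yields null; reading .id from it is the kind of
  // failure reported in the thread as "Cannot convert null to an object".
  if (parsed === null || typeof parsed !== 'object') return null;
  return (typeof parsed.id === 'string' && parsed.id.length > 0) ? parsed.id : null;
}

// Split resolved IDs into batches of at most maxPerCall and report the
// UPNs that did not resolve, so they can be logged instead of failing the run.
function planGroupAdds(lookups, maxPerCall) {
  const size = maxPerCall || MAX_PER_CALL;
  const ids = [];
  const unresolved = [];
  Object.keys(lookups).forEach(function (upn) {
    const id = extractObjectId(lookups[upn]);
    if (id === null) unresolved.push(upn);
    else if (ids.indexOf(id) === -1) ids.push(id); // drop duplicate IDs
  });
  const batches = [];
  for (let i = 0; i < ids.length; i += size) batches.push(ids.slice(i, i + size));
  return { batches: batches, unresolved: unresolved };
}

// Constructed sample input: 45 resolvable users plus two failed lookups.
function buildSampleLookups() {
  const lookups = {};
  for (let i = 1; i <= 45; i++) {
    lookups['user' + i + '@example.com'] = JSON.stringify({ id: 'constructed-object-id-' + i });
  }
  lookups['missing@example.com'] = null;
  lookups['error@example.com'] = JSON.stringify({ error: { code: 'constructed-error' } });
  return lookups;
}

const plan = planGroupAdds(buildSampleLookups());
console.log(plan.batches.map(function (b) { return b.length; }), plan.unresolved);
```

Each entry in `batches` would then be passed to one 'Add Multiple Users To Group' call, and `unresolved` lists the UPNs to investigate separately.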