Questions tagged [azure-ad-graph-api]

Use this tag for questions related to the Azure AD Graph API (see link [1] in details below), not Microsoft Graph. The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects.

Graph API supports the following common operations for a user object:

  • Create a new user in a directory
  • Get a user’s detailed properties, such as their groups
  • Update a user’s properties, such as their location and phone number, or change their password
  • Check a user’s group membership for role-based access
  • Disable a user’s account or delete it entirely

In addition to user objects, you can perform similar operations on other objects such as groups and applications.

Useful Links:

  1. Documentation
  2. MSDN: Azure AD Graph API Reference
  3. Microsoft Graph or Azure AD Graph

1920 questions

50 votes, 12 answers

Graph API - Insufficient privileges to complete the operation

When trying to access the Graph Service Client using I am receiving the error: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. After researching this error the most common solution was to set the…
27 votes, 1 answer

Azure: Service Principal ID vs Application ID

According to this documentation: Application and Service principal are clearly two different things. Application is the global identity and Service principal is per Tenant/AAD. But This Documentation and This Stack Overflow Question suggest they are…
26 votes, 2 answers

NameIdentifier vs ObjectIdentifier

I have a multitenant ASP.NET application using OpenIdConnect and Azure AD as an Identity provider for Office 365. When the user is authenticated I receive my claims in ClaimsPrincipal.Current. I wanted to identify a user and store this id reference…
24 votes, 8 answers

AADSTS50012: Invalid client secret is provided when moving from a Test App to Production

I have two applications registered under the Azure Portal: a test version and a production version. My test App works fine with the Client Id and ClientSecret/AppKey that I got from the test app's detail from Azure Portal. However when I move to the…
20 votes, 6 answers

headless authentication Azure AD b2c

I am looking for a way to authenticate a user by username/password in a headless manner for Azure AD b2c. Azure AD b2c is great but we feel the redirects for logins can lead to confusion among customers (and sometimes even prevented by some…
Gina Marano
19 votes, 1 answer

Add claims into token Azure B2C

What are ways to include custom claims (user subscriptions or roles list as example) in a token before issuing it in Azure AD B2C, provided that claims are stored somewhere on own server (not available in B2C)? Goal to have claims in the token to…
st1
17 votes, 1 answer

Azure AD Graph call for User creation failing with some obscure error

I have been told to raise a question about Azure AD Graph Api here instead of raising it as an issue for the corresponding GitHub sample repository. I hope Azure Graph API team monitors SO and can help us with this GitHub sample issue. Some extra…
16 votes, 1 answer

Graph API: Either scp or roles claim need to be present in the token

I'm attempting to use MS Graph API to get a list of files/folders from OneDrive for Business. I've successfully executed the queries I need in Graph Explorer and am now moving on to implementing in my project. My app is a Windows service, so I'm…
baparks
15 votes, 3 answers

Azure AD B2C - Sign out a user from all sessions

I have 3 websites using a single B2C tenant. I have been asked to set it up so that when a user signs out of one website, sign out of them all. Likewise if their account is deleted. I thought that I would have to introduce a call to Azure on every…
gfyans
14 votes, 4 answers

Paging in MS Graph API

Graph API Paging explains that the response would contain a field @odata.nextLink which would contain a skiptoken pointing to the next page of contents. When I test the API, I'm getting a fully-qualified MS Graph URL which contains the skiptoken as…
asgs
14 votes, 1 answer

How to access the Project Server REST API using Azure AD App permissions?

I have a standalone web application (not an add-in) and I would like to access Project Server PWA oData from this web application without using the PWA username/password combination. I can do this for SharePoint oData by registering my web app in…
13 votes, 3 answers

Azure AD v2 roles not included in Access Token

I'm using https://login.microsoftonline.com/.../oauth2/v2.0/token to authenticate (authorization_code grant) to Azure AD using the scopes: offline_access, openid, profile, User.Read. According to the documentation the Access Token I receive should…
13 votes, 7 answers

Deleting an Application's AppRole in Azure Active Directory

Removing an AppRole from an Application’s manifest produces a 400 Bad Request with the error Property value cannot be deleted unless it is disabled first. When I set the isEnabled property to false and then hit save, I get a successful saven…
12 votes, 1 answer

Get Extended Properties on User using Microsoft Graph

I am working with Microsoft Graph to manage Azure AD users and am having some trouble accessing extension properties on a User object. The property was added when the user was created using Azure AD Graph API and if you query the user using Azure AD…
J Lauzon
11 votes, 1 answer

How to implement single sign-on django auth in azure ad?

I have a django-based web application, a client requested that we integrate the login with Azure AD, following the documents I managed to integrate with the following flow. In django the user types only the email, I identify the user and his company…
GustavoNogueira