question

Sunny987 avatar image
0 Votes"
Sunny987 asked ·

Azure AD user provisioning with G suite

Hi Team,

We are facing some issues on Azure AD user provisioning with G suite below is the error

"Not Authorized to access this resource/api" } ], "code": 403, "message": "Not Authorized to access this resource/api" } } Web Response: { "error": { "errors": [ { "domain": "global", "reason": "forbidden", "message": "Not Authorized to access this resource/api" } ], "code": 403, "message": "Not Authorized to access this resource/api" } } . This operation was retried 0 times. It will be retried again after this date:

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SaurabhSharma-msft avatar image
0 Votes"
SaurabhSharma-msft answered ·

Can you please provide more details - What exactly you are trying to achieve and at which stage you are getting this error ?

· 5 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking in if you are still having issues ?

0 Votes 0 · ·

@SaurabhSharma-msft we are doing auto-provisioning from Azure AD to G suite app.

We assign users in provisioning scope which then creates users on G suite app. For few users we are seeing below errors on audit logs of provisioning app.

Can you please suggest we can see below error on provisioning audit logs for some users. We sync users via groups scoping from Azure ad to G suite application

Details details: Skip reason = UnableToResolveReferenceAttributeValue, Active = ?, Assigned = ?, Passed scope filter: ?;



There is no much information to see why it is skipping, all mapping is correct as other users are also getting synced without any issue.


0 Votes 0 · ·

@Sunny987 Can you please check if any member of the groups are in disabled state. If they are then the user will need to be removed from the group, then re-added to the group in AAD. By doing this, a change to the group membership is triggered and on the next delta sync the group memberships should populate again for that user.

0 Votes 0 · ·
Sunny987 avatar image Sunny987 SaurabhSharma-msft ·

@SaurabhSharma-msft

thanks for the input, they are in enable state however we remove from the on-prem group and then put them back to the group. That resolve the above issue user skipped.

But I am wondering what could be the cause here?

0 Votes 0 · ·
Show more comments