question

Joeri-3247 avatar image
0 Votes"
Joeri-3247 asked sikumars commented

Error AADSTS7000113 when granting admin consent for AAD Graph API permission

We automated the configuring of the API graph permissions for Service principals. In the script we are setting Microsoft graph API permissions as wel as Azure Active Directory graph permission and granting Admin consent on the permissions.

We managed to grant Admin Consent for the Microsoft Graph API permissions.

Granting Admin consent for the Azure Active Directory graph permission throws an error:

"AADSTS7000113: Application '74658136-14ec-4630-ad9b-26e160ff0fc6' is not authorized to make application on-behalf-of calls.

The SPN under which the automated script runs, is Global Administrator and Priviliged Role Administrator

Please help.

azure-ad-app-registrationmicrosoft-graph-permissions
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,

0 Votes 0 ·

1 Answer

sikumars avatar image
1 Vote"
sikumars answered

Hello @Joeri-3247,

Thanks for reaching out.

This is limited by design, you cannot use a service principal sign-in to Grant Admin consent for permissions in Microsoft Graph/Azure Active Directory graph to other service principals. Instead, you need to use user identity to granting Admin consent for Service principals


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.