Global Admins are not updated/synced in Azure

  • March 31, 2023

When syncing users from Bob to Azure (Microsoft Entra ID), some users may fail with the error:

Failed to Updating user [email]: Authorization_RequestDenied - Insufficient privileges to complete the operation.
Error cause
The credentials provided are missing required AzureAD permissions.
Suggested action
Make sure that all the required permissions are granted to the AzureAD account associated with this integration.

You’ll want to check whether the users have Admin roles in Azure.

If so, you will need to add a delegated permission called Directory.AccessAsUser.All to the Bob Enterprise app in Azure. 
Bob app permissions for Global Admins: Delegated permissions > Directory.AccessAsUser.All
 
If they don't have Admin roles, it's probably related to some sensitive Azure fields, e.g. business phone, that you are trying to sync.

Please see the Data mapping table on the Bob integration page. If you see sensitive Azure fields there, your Azure account setup may require adding the Directory.AccessAsUser.All permission to the Bob Enterprise app in Azure and ensuring that the calling user has a higher-privileged administrator role, as indicated in Who can perform sensitive actions.

Also check this link with the table.
 
It's also important to point out that the above was shared with us by the Microsoft team, and it's still better to consult with them regarding the matter.

Alternatively, you can delete sensitive fields’ mapped pairs if you don't need them anyway.
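
A read-only way to run both checks described above with the Microsoft Graph PowerShell SDK, as an added example (not Bob's or Microsoft's own script). The app display name and the user list are placeholders to replace with your own values.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
# Placeholders (assumptions, replace before running):
$AppName     = 'Bob'                        # display name of the Bob Enterprise app in your tenant
$FailedUsers = @('user1@example.com',       # constructed sample UPNs of users
                 'user2@example.com')       # that failed with Authorization_RequestDenied
$Needed      = 'Directory.AccessAsUser.All'

# Directory.Read.All is enough to read role memberships and permission grants.
Connect-MgGraph -Scopes 'Directory.Read.All'

# Check 1: does each failing user hold an active directory (admin) role?
# Roles that are only PIM-eligible and not activated are not listed by memberOf.
$roleReport = foreach ($upn in $FailedUsers) {
    $roles = Get-MgUserMemberOf -UserId $upn -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
        ForEach-Object { $_.AdditionalProperties['displayName'] }

    [pscustomobject]@{
        User         = $upn
        HasAdminRole = [bool]$roles
        Roles        = $roles -join ', '
    }
}
$roleReport | Format-Table -AutoSize

# Check 2: has the delegated permission been granted to the enterprise app?
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$AppName', found $($sp.Count)."
}

$grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp[0].Id)'" -All
$match  = $grants | Where-Object { ($_.Scope -split ' ') -contains $Needed }

if ($match) {
    # ConsentType is AllPrincipals (admin consent) or Principal (a single user).
    $match | Select-Object ConsentType, PrincipalId, Scope | Format-List
} else {
    Write-Output "$Needed is not granted to '$AppName'."
}

# Reading the result:
#  - HasAdminRole = True and no grant  -> the Global Admin case described above.
#  - HasAdminRole = False              -> review the mapped sensitive fields instead.
```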