
An Application has been registered in Azure Active Directory and all the client IDs, client secrets, and tenant IDs have been created.

After that, I gave User.ReadWrite, User.All and Directory.All access in both application and delegated types on the Microsoft Graph API.

I tried using this API https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token to get a bearer token using the request body:

clientID:{clientId}, clientSecret:{clientSecret}, grant_type:client_credentials scope:https://graph.microsoft.com/.default

After getting the bearer token, I am not able to create a user with it using the Graph API below, https://graph.microsoft.com/v1.0/users. I get this error:

"error": { "code": "Authorization_IdentityNotFound", "message": "The identity of the calling application could not be established.", }

Could anybody tell me how to create a new user using this API? Could anybody tell me whether I was correct on authorization? If not, tell me how to do it.

arunaji601
  • Could you please share the request body when creating a new user? Does the request to get users work? GET https://graph.microsoft.com/v1.0/users – user2250152 Jun 14 '23 at 11:38
  • { "accountEnabled": true, "displayName": "Pafasos", "mailNickname": "Pafasos", "userPrincipalName": "pafasos708@bodeem.com", "passwordProfile": { "forceChangePasswordNextSignIn": true, "password": "smdksa@A19" } } @user2250152 could you check it? – arunaji601 Jun 14 '23 at 11:42

1 Answer

Make sure to give the User.ReadWrite.All application permission to the application and grant admin consent.

And check if your application is registered as a multi-tenant application.

In that case, give the correct target tenantId where the application permissions are given.

I am able to create the users with the above permissions.

POST https://graph.microsoft.com/v1.0/users

Content-type: application/json

{
  "accountEnabled": true,
  "displayName": "kavxxxe",
  "mailNickname": "kavxx",
  "userPrincipalName": "xxx@contoso.onmicrosoft.com",
  "passwordProfile" : {
    "forceChangePasswordNextSignIn": true,
    "password": "xWxxxbWH-d"
  }
}

Note: Make sure the permissions are given admin consent, else this error may arise.

Refer: Authorization_IdentityNotFound on Microsoft Graph API request

Edit:

Admin consent can be granted from the portal itself if you are an admin, or during user login:

kavyaS
  • Hi, I'm using the Admin account, so I have added the permissions but I did not have the - grant admin to consent. And also I have given all permissions. Can you give an example of an administrator account? – arunaji601 Jun 14 '23 at 12:58
  • Should it be a multi-tenant app? – arunaji601 Jun 14 '23 at 13:42
  • It need not be multi-tenant, but if it is, then please make sure the tenantId is given correctly and also check whether the client ID and secret are correct. Please check the edit in the answer regarding admin consent. – kavyaS Jun 19 '23 at 04:48
  • Should we use a business account or a personal account? – arunaji601 Jun 19 '23 at 09:49
  • I have used a Microsoft account. It must be a work or school account. Check this: https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#permissions – kavyaS Jun 22 '23 at 11:19
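
Added example (not part of the question, the answer or the comments): a local check of the two causes the answer names, a token issued by the wrong tenant and application permissions without admin consent, done by reading the `tid` and `roles` claims of the client-credentials access token before calling POST /users. The function names, the placeholder tenant ID and the sample tokens are constructed for illustration; the signature is not verified, so this is a diagnostic aid only.

```python
import base64
import json

# Application permission the answer says the app needs (with admin consent).
REQUIRED_ROLE = "User.ReadWrite.All"


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict WITHOUT verifying the signature.

    Diagnostic use only: never make an authorization decision from this,
    and never write the token itself to logs.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, expected_tenant: str) -> list:
    """List findings that match the causes given in the answer."""
    claims = decode_claims(token)
    problems = []
    # "tid" is the tenant that issued the token (matters for multi-tenant apps).
    if claims.get("tid") != expected_tenant:
        problems.append("token issued by tenant %r, expected %r"
                        % (claims.get("tid"), expected_tenant))
    # App-only tokens list consented application permissions in "roles".
    roles = claims.get("roles") or []
    if not roles:
        problems.append("no 'roles' claim: application permissions lack admin consent")
    elif REQUIRED_ROLE not in roles:
        problems.append("'roles' lacks %s (has: %s)" % (REQUIRED_ROLE, ", ".join(roles)))
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    tenant = "11111111-1111-1111-1111-111111111111"  # constructed placeholder
    print(diagnose(make_sample_token({"tid": tenant, "roles": [REQUIRED_ROLE]}), tenant))
    print(diagnose(make_sample_token({"tid": tenant}), tenant))
```

Delegated permissions never appear in a client-credentials token, so granting only the delegated type leaves `roles` empty.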