4

We are attempting to delete a user within Azure B2C by using the Graph API, but have had no luck up to this point. Documentation here suggests that it is possible: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/users-operations#DeleteUser

We currently have no issues when it comes to creating/updating users, but when attempting a delete operation we get the following error:

Authorization_RequestDenied - Insufficient privileges to complete the operation.

I'm aware there are limitations to using the Graph API with B2C, but the documentation out there suggests this should not be one of them.

1 Answer

3

If you want to have enough privileges to delete users, you need to assign the Company Administrators role to your service principal. You can refer to this document to do that.

  1. Use AAD PowerShell to connect to AAD:

         Connect-AzureAD

  2. Get the Company Administrator role:

         $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}

  3. Assign the role to your SP:

         Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $yoursp.ObjectId

  4. Try to get a new token and use it in the header to delete the user again. Here is my result:

[Screenshot of the result]


2 Comments

Note that Company Admin is basically the highest role available. I'd try adding more privileges for the app from the portal first. Then if none of those work, this is of course an option.
@juunas any suggestions on which scopes/privileges should be added in order to delete a user?
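
Added example, not part of the original answer or comments: the steps above as one repeatable script that resolves the service principal the answer calls `$yoursp`, skips the assignment if it is already in place, and returns every service principal holding the role so the grant can be reviewed and later revoked. The function names and the app display name `my-b2c-management-app` are hypothetical; the role name is a parameter that defaults to the one used in the answer.

```powershell
# Added example. Assumes the AzureAD module is installed and the signed-in
# account may manage directory roles. Function names are hypothetical.
function Resolve-AppAndRole {
    param([Parameter(Mandatory)] [string] $AppDisplayName,
          [string] $RoleName = 'Company Administrator')   # role used in the answer

    # Escape single quotes so the display name cannot break the OData filter.
    $escaped = $AppDisplayName.Replace("'", "''")
    $sp = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escaped'")
    if ($sp.Count -ne 1) {
        throw "Expected one service principal named '$AppDisplayName', found $($sp.Count)."
    }

    # Get-AzureADDirectoryRole only returns roles already activated in the tenant.
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
    if (-not $role) { throw "Role '$RoleName' is not activated in this tenant." }

    [pscustomobject]@{ ServicePrincipal = $sp[0]; Role = $role }
}

function Grant-DirectoryRoleToApp {
    param([Parameter(Mandatory)] [string] $AppDisplayName,
          [string] $RoleName = 'Company Administrator')

    $t = Resolve-AppAndRole -AppDisplayName $AppDisplayName -RoleName $RoleName
    $members = @(Get-AzureADDirectoryRoleMember -ObjectId $t.Role.ObjectId)

    # Assign only when the principal is not already a member of the role.
    if ($members.ObjectId -notcontains $t.ServicePrincipal.ObjectId) {
        Add-AzureADDirectoryRoleMember -ObjectId $t.Role.ObjectId `
            -RefObjectId $t.ServicePrincipal.ObjectId
    }

    # Return every service principal that now holds the role, for review.
    Get-AzureADDirectoryRoleMember -ObjectId $t.Role.ObjectId |
        Where-Object { $_.ObjectType -eq 'ServicePrincipal' } |
        Select-Object DisplayName, AppId, ObjectId
}

function Revoke-DirectoryRoleFromApp {
    param([Parameter(Mandatory)] [string] $AppDisplayName,
          [string] $RoleName = 'Company Administrator')

    $t = Resolve-AppAndRole -AppDisplayName $AppDisplayName -RoleName $RoleName
    Remove-AzureADDirectoryRoleMember -ObjectId $t.Role.ObjectId `
        -MemberId $t.ServicePrincipal.ObjectId
}

Connect-AzureAD
Grant-DirectoryRoleToApp -AppDisplayName 'my-b2c-management-app'   # placeholder name
```

As step 4 of the answer says, the application needs a new token after the assignment before the role applies to its requests.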
