4
votes

We are attempting to delete a user within Azure B2C by using the Graph API, but have had no luck up to this point. Documentation here suggests that it is possible: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/users-operations#DeleteUser

We currently have no issues when it comes to creating/updating users, but when attempting a delete operation we get the following error:

Authorization_RequestDenied - Insufficient privileges to complete the operation.

I'm aware there are limitations to using the Graph API with B2C, but the documentation out there suggests this should not be one of them.

1 Answer

3
votes

If you want to have enough privileges to delete users, you need to assign the Company Administrator role to your service principal. You can refer to this document to do that.

  1. Use AAD PowerShell to connect to AAD:

         Connect-AzureAD

  2. Get the Company Administrator role:

         $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}

  3. Assign the role to your SP:

         Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $yoursp.ObjectId

  4. Try to get a new token and use it in the header to delete the user again. Here is my result:

enter image description here
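The steps in the answer above, combined into one idempotent script; this is an added example, not part of the original answer. The function name, the parameter names and the all-zero AppId are hypothetical placeholders, and it assumes the AzureAD PowerShell module is installed.

```powershell
# Added example: Grant-RoleToServicePrincipal and its parameters are hypothetical names.
function Grant-RoleToServicePrincipal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $AppId,
        # Default is the role named in the answer. It grants full control of the
        # directory, so pass a narrower role's display name if one covers user
        # deletion in your tenant.
        [string] $RoleName = 'Company Administrator'
    )

    # Resolve the service principal (the answer's $yoursp) from the application ID.
    $sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) { throw "No service principal found for appId $AppId" }

    # Get-AzureADDirectoryRole only lists roles already activated in the tenant.
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
    if (-not $role) {
        $template = Get-AzureADDirectoryRoleTemplate |
            Where-Object { $_.DisplayName -eq $RoleName }
        if (-not $template) { throw "No directory role template named '$RoleName'" }
        Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId | Out-Null
        $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
    }

    # Skip the assignment if the service principal already holds the role;
    # adding an existing member a second time returns an error.
    $members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
    if ($members.ObjectId -notcontains $sp.ObjectId) {
        Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
    }

    # Return the current holders of the role so the assignment can be reviewed.
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Select-Object ObjectId, ObjectType, DisplayName
}

Connect-AzureAD
# Placeholder application ID: replace with the ID of the app that calls the Graph API.
Grant-RoleToServicePrincipal -AppId '00000000-0000-0000-0000-000000000000'
```

Tokens issued before the assignment do not carry the new role, so request a fresh token before retrying the delete call.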