We are trying to integrate Azure Active Directory (using the Graph API) with a Java web-based custom LDAP application to sync groups. As a first step, we can authenticate and get tokens, but we are facing the error
Authorization_IdentityNotFound, the identity of the calling application could not be established, Request ID: cec7a25c-0af6-4c6a-99f714d80a01ad85
while trying to fetch the groups using the Graph API URL from the Azure AD site.
Steps done for Azure AD Configuration:
- Created an app using “App Registration” in Azure Active Directory (from here we have taken the application ID (client ID) and tenant ID, and used the same in the Java application for integration).
- Configured API permissions from the Azure Active Directory Graph:
  a. Application Permission – Provided read access to Application, Directory, Domain, Member & Policy
  b. Delegated Permission – Provided read access to Directory, Member, Policy, Groups, and Users
- Generated client secret key for the registered App.
- Created users and groups – (Added users into the groups)
- Graph API - https://graph.windows.net (this link is used in the application)
- Active Directory authority - https://login.microsoftonline.com/common/ (this link is used in the application)
What other configuration/permission level is required to fetch the group list?
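
One way to inspect which identity and permissions an issued access token actually carries before calling the Graph API with it. This is an added example, not part of the original post or the poster's application. It assumes the token is a standard Azure AD JWT with `tid`, `aud` and `roles` claims; the function names, tenant ID and sample tokens are constructed for illustration.

```python
import base64
import json

def decode_claims(token):
    """Return the JWT payload as a dict (signature NOT verified; inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_app_token(token, expected_tenant, expected_resource):
    """List mismatches between the token's claims and what the app expects."""
    c = decode_claims(token)
    findings = []
    # 'tid' names the tenant the token was issued for.
    if c.get("tid") != expected_tenant:
        findings.append("tid is %r, expected %r" % (c.get("tid"), expected_tenant))
    # 'aud' names the API the token is valid for (trailing slash ignored).
    if str(c.get("aud", "")).rstrip("/") != expected_resource.rstrip("/"):
        findings.append("aud is %r, expected %r" % (c.get("aud"), expected_resource))
    # App-only tokens list their granted application permissions in 'roles'.
    if not c.get("roles"):
        findings.append("no 'roles' claim: token carries no application permissions")
    return findings

def _make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample values, not taken from a real tenant.
TENANT = "11111111-2222-3333-4444-555555555555"
RESOURCE = "https://graph.windows.net"
GOOD = _make_token({"tid": TENANT, "aud": RESOURCE + "/",
                    "roles": ["Directory.Read.All"]})
BARE = _make_token({"aud": RESOURCE})  # no tenant, no application permissions

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BARE", BARE)):
        result = check_app_token(tok, TENANT, RESOURCE)
        print(name, result or "claims look consistent")
```

The check only reads claims for troubleshooting; it does not validate the token's signature and must not be used as an authorization decision.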