
According to this article it should be possible to delete a user from Azure AD B2C using the Microsoft Graph API: https://docs.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-operations (more specifically: https://docs.microsoft.com/en-us/graph/api/user-delete)

I have set the User.ReadWrite.All permission (for permission type Application) and granted admin consent.

However, when calling the corresponding endpoint with an HTTP DELETE request, it fails with the following response:

    {
        "odata.error": {
            "code": "Authorization_RequestDenied",
            "message": {
                "lang": "en",
                "value": "Insufficient privileges to complete the operation."
            },
            "requestId": "b129b3a7-a0e9-42db-aa7a-97da31590095",
            "date": "2020-11-04T12:53:32"
        }
    }

Other operations (such as listing and updating users) work perfectly fine. Does anyone know what causes this behavior? Any help is highly appreciated.

Update:

This is a sample of a request which I try to send to the Graph API: Postman Curl request

Can you please confirm your role? - Raghavendra beldona

I have the "Global administrator" and "Application administrator" roles. - MCamporelli

Please share the Graph API request code for deleting the user. It looks like the request ID and the date/time stamp that you have provided are invalid; can you please share the right request ID and timestamp of the failed request (error message)? - Raghavendra beldona

I have attached a screenshot of the request. - MCamporelli

It seems you do not have the required permission. Please check whether the access token you are using has scp with User.ReadWrite.All or not by decoding the token using [Jwt.ms](https://jwt.ms). - Raghavendra beldona

1 Answer


Make sure you are calling Microsoft Graph and the configured permissions are under Microsoft Graph.

Based on your Curl request, you are calling Azure AD Graph (endpoint https://graph.windows.net).

The Microsoft Graph endpoint is https://graph.microsoft.com.

If your permissions are set correctly under Microsoft Graph, try to use DELETE https://graph.microsoft.com/v1.0/users/{user-id} to delete the user.
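The check suggested in the comments and in this answer can be scripted. The following is an added example, not code from the original thread: it decodes an access token without verifying the signature (inspection only) and reports whether the token's audience matches the API host being called and whether User.ReadWrite.All is present. The function names are hypothetical, the sample token is constructed, and the `aud`, `roles` and `scp` claim names and audience values are assumed from the standard Azure AD access token format.

```python
import base64
import json
from urllib.parse import urlparse

# Audience values per API: resource URI or its well-known application ID (assumed).
AUDIENCES = {
    "https://graph.microsoft.com": "Microsoft Graph",
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "https://graph.windows.net": "Azure AD Graph",
    "00000002-0000-0000-c000-000000000000": "Azure AD Graph",
}
HOSTS = {"graph.microsoft.com": "Microsoft Graph",
         "graph.windows.net": "Azure AD Graph"}

def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, request_url, needed="User.ReadWrite.All"):
    """Return a list of mismatches between the token and the intended call."""
    claims = decode_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/").lower()
    token_api = AUDIENCES.get(aud, "unknown audience")
    host = (urlparse(request_url).hostname or "").lower()
    call_api = HOSTS.get(host, "unknown host")
    problems = []
    if token_api != call_api:
        problems.append(f"token audience is {token_api}, request goes to {call_api}")
    # App-only tokens list permissions in 'roles'; delegated tokens use 'scp'.
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    if needed not in granted:
        problems.append(f"{needed} missing from roles/scp")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tok = make_sample_token({"aud": "https://graph.windows.net",
                             "roles": ["User.ReadWrite.All"]})
    for p in check_token(tok, "https://graph.microsoft.com/v1.0/users/{user-id}"):
        print("MISMATCH:", p)
```

An empty result means the token was issued for the API being called and carries the permission; it says nothing about signature validity or expiry.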