/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- While provisioning users from Azure AD to SAP Cloud Identity, an error is encountered when using Delegated Permissions instead of Application Permissions.
- The error message in the IPS job logs is as follows: "Cannot execute provisioning job in tenant context: xxxxxxxx. Error during execution on behalf of tenant with ID: xxxxxxxx. Cannot read entities from source system: 'jlr-azure-ad-dev: xxxx-xxxxx-xxxxxxx'. HTTP operation failed invoking with statusCode: 403 and body {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation."
Read more...
Environment
Identity Provisioning Service (IPS)
Product
SAP Cloud Identity Services all versions
Keywords
Azure AD, Delegated Permissions, User Provisioning, SAP Cloud Identity, IPS, Authorization Request Denied , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)