
Can't reset user password from Azure AD API Request app

  • February 21, 2025

I’m trying to automate onboarding of new users by generating and updating their password for their first login.

I’m generating a temporary password for a user and need to update the user on Entra (Azure AD). I’m using the “API Request (Beta)” action event on the Azure AD app. The endpoint I’m using is documented here in Microsoft’s documentation.

The request is correctly formed and the account I’m using has global administrator rights on Entra.

The body is the following:

```json
{
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "{{_GEN_1740140375457__randomString}}"
  }
}
```

Upon testing my request I get the following response:

```json
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "date": "2025-02-21T14:32:55",
      "request-id": "bd753177-9a2a-4b1a-86cf-b1b068ad1b4d",
      "client-request-id": "bd753177-9a2a-4b1a-86cf-b1b068ad1b4d"
    }
  }
}
```

The Microsoft documentation does state that the `User-PasswordProfile.ReadWrite.All` permission is required to perform this action, but when checking the permissions that the Zapier Azure AD Enterprise Application has on Entra, this one is not there.

Is there a way to request this permission from Zapier? Could this endpoint be supported natively? Is there an easier way to do this that I’m missing?


SamB
Community Manager
  • February 24, 2025

Hi ​@Lucas O, welcome to the Community! 🎉

Sorry to hear the Azure Active Directory app connection is missing that User-PasswordProfile.ReadWrite.All permission. I’d suggest contacting our Support team to submit a new feature request for that permission to be added. You can do that here: https://zapier.com/app/get-help

In the meantime, it might be worth exploring a Custom Action to see if that uses a different set of permission scopes. You can learn more about Custom actions here: Create a custom action

Hope that helps. If you do give that a try, please let us know—would love to hear how it goes!
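
An added example, not part of the original thread and not Zapier's or Microsoft's code: when a Graph call returns `Authorization_RequestDenied`, inspecting the access token's `scp` (delegated) and `roles` (application) claims shows whether the permission named in the question was ever granted to the calling app. It assumes you can obtain the token as a readable JWT; the function names, sample token and sample scopes are constructed for illustration.

```python
import base64
import json

REQUIRED = "User-PasswordProfile.ReadWrite.All"  # permission named in the thread


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment into a dict (padding restored)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def granted_permissions(access_token: str) -> set:
    """Return the permissions carried by a JWT access token.

    Delegated permissions sit in the space-separated `scp` claim,
    application permissions in the `roles` array. The signature is NOT
    verified: this is for inspecting your own token while debugging.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = b64url_json(parts[1])
    return set(claims.get("scp", "").split()) | set(claims.get("roles", []))


def diagnose(error_body: str, access_token: str, required: str = REQUIRED) -> str:
    """Explain a Graph error response in terms of the token's permissions."""
    code = json.loads(error_body).get("error", {}).get("code")
    if code != "Authorization_RequestDenied":
        return f"error code {code!r} is not a permission denial"
    if required in granted_permissions(access_token):
        return f"{required} is in the token; check the caller's directory role"
    return f"{required} is missing from the token; the app was not granted it"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token (hypothetical helper)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample data: error shape as quoted in the question, scopes invented.
SAMPLE_ERROR = '{"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation."}}'
SAMPLE_TOKEN = make_sample_token({"scp": "User.Read Directory.Read.All"})

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_TOKEN))
```

A token that lacks the permission points at the app's consent grant rather than at the signed-in account's admin role, which matches what the question found in the Enterprise Application's permission list.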