
I’m trying to automate onboarding of new users by generating and updating their password for their first login.

I’m generating a temporary password for a user and need to update the user on Entra (Azure AD). I’m using the “API Request (Beta)” action event on the Azure AD app. The endpoint I’m using is documented here in Microsoft’s documentation.

The request is correctly formed and the account I’m using has Global Administrator rights on Entra.

The body is the following:

```json
{
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "{{_GEN_1740140375457__randomString}}"
  }
}
```

Upon testing my request I get the following response:

```json
{"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2025-02-21T14:32:55","request-id":"bd753177-9a2a-4b1a-86cf-b1b068ad1b4d","client-request-id":"bd753177-9a2a-4b1a-86cf-b1b068ad1b4d"}}}
```

The Microsoft documentation does state that the `User-PasswordProfile.ReadWrite.All` permission is required to perform this action, but when checking the permissions that the Zapier Azure AD Enterprise Application has on Entra, this one is not there.

Is there a way to request this permission from Zapier? Could this endpoint be supported natively? Is there an easier way to do this that I’m missing?
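To confirm which permissions a connection's token actually carries, the following added example (not part of the original post, and not Zapier's or Microsoft's code) decodes the claims of a Microsoft identity platform access token and checks for the permission named above. The sample token, its scopes and app id are constructed, and the function names are hypothetical.

```python
import base64
import json

# Permission the post says Microsoft's documentation requires.
REQUIRED = "User-PasswordProfile.ReadWrite.All"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(token: str) -> dict:
    """Return JWT payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(b64url_decode(parts[1]))


def granted_permissions(claims: dict) -> set:
    """Delegated tokens list scopes in 'scp' (space separated); app-only tokens use 'roles'."""
    return set(claims.get("scp", "").split()) | set(claims.get("roles", []))


def diagnose(token: str, required: str = REQUIRED) -> dict:
    """Report whether the token carries the required permission.

    A delegated call is limited to the scopes granted to the app, so a
    Global Administrator signing in does not add a scope the app lacks.
    """
    claims = token_claims(token)
    granted = granted_permissions(claims)
    return {
        "app_id": claims.get("appid") or claims.get("azp"),  # v1 / v2 token claim
        "has_required": required in granted,
        "granted": sorted(granted),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


if __name__ == "__main__":
    # Constructed claims: placeholder app id and illustrative scopes.
    sample = make_sample_token({"appid": "00000000-0000-0000-0000-000000000000",
                                "scp": "User.ReadWrite.All Group.ReadWrite.All"})
    print(diagnose(sample))
```

If `has_required` is false, the `Authorization_RequestDenied` response is expected regardless of the signed-in user's directory role.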

Hi ​@Lucas O, welcome to the Community! 🎉

Sorry to hear the Azure Active Directory app connection is missing that User-PasswordProfile.ReadWrite.All permission. I’d suggest contacting our Support team to submit a new feature request for that permission to be added. You can do that here: https://zapier.com/app/get-help

In the meantime, it might be worth exploring a Custom Action to see if that uses a different set of permission scopes. You can learn more about Custom actions here: Create a custom action

Hope that helps. If you do give that a try, please let us know—would love to hear how it goes!


Hi,

I have the same issue. I raised a feature request in January to look into this. It appears the Ent App does not have sufficient permissions in Azure to make the change.

The other option would be for the Update User action event to include a Reset Password field.

JP


Thanks for reaching out ​@digit 👋 Sorry to hear that you’re running into this as well.

It looks like ​@Lucas O was added to that feature request by the Support team. There aren’t any updates on it at the minute but if I come across any news or workarounds I’ll be sure to share them here! 🙂