MS365 Connector: Listener Error: Authorization Error. Your application may not have the correct permissions for the Microsoft Graph API

With App version 5.1 (UCS 5) and 4.3 (UCS 4), the Microsoft 365 App has been completely migrated to the Microsoft Graph API. Additional privileges for the Microsoft Graph API need to be added to the configured App registrations in Azure, if the initial setup was run before version 4.0.
If this is the case, you’ll also see this error in the listener.log after each service univention-directory-listener restart.

Authorization Error. Your application may not have the correct permissions for the Microsoft Graph API

To add these additional permissions, you need to log in to the Azure portal.
Select the Azure Active Directory service. In case you have multiple Active Directories, click Switch directory to choose the one you want to add your permissions to.
Open the App registrations module.
Open the application which is connected to the Microsoft365 connector app on UCS and click on API permissions.
Click Add a permission, select the API Microsoft Graph, choose “Application Permissions” and search for and add the following permissions:

  • Directory.ReadWrite.All
  • Group.ReadWrite.All
  • TeamMember.ReadWrite.All
  • User.ReadWrite.All

Click on Grant admin consent for Univention Test GmbH to activate the newly added permissions.

By executing service univention-directory-listener restart the permission check will be repeated.
If the warning mentioned above does not appear, the permissions are now correct.
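
The granted permissions can also be checked directly: in an app-only access token issued for Microsoft Graph, consented application permissions are listed in the roles claim. The following Python script is an added example, not part of the connector or of the original article; the function names and the sample token are constructed for illustration, and the token signature is deliberately not verified because this is only a local diagnostic.

```python
import base64
import json

# Application permissions listed in the article above.
REQUIRED_ROLES = {
    "Directory.ReadWrite.All",
    "Group.ReadWrite.All",
    "TeamMember.ReadWrite.All",
    "User.ReadWrite.All",
}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token):
    """Return the application permissions found in the token's 'roles' claim."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles", [])  # claim is absent if nothing was consented
    if not isinstance(roles, list):
        raise ValueError("'roles' claim is not a list")
    return set(roles)


def missing_roles(access_token):
    """Sorted list of required permissions the token does not carry."""
    return sorted(REQUIRED_ROLES - token_roles(access_token))


def make_sample_token(roles):
    # Constructed, unsigned sample token (hypothetical values, demo only).
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc(header), enc(payload), "sig"])


if __name__ == "__main__":
    # An app registration that was only partially updated.
    old = make_sample_token(["Directory.ReadWrite.All", "User.ReadWrite.All"])
    print("missing:", missing_roles(old))
```

An empty result means all four permissions from the list above are present in the token.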
