
Using Azure AD Graph REST API to reset user's password (on behalf)


I'm trying to reset a user's password using the Graph REST API with a client ID. I have created an application with UserAuthenticationMethod.ReadWrite.All and added the application to the User Administrator role as well. When I call the request using Postman, I am getting the following error. What is causing this problem? I am passing the OAuth token for the client in the headers as well.


I'm using this endpoint.

https://graph.microsoft.com/v1.0/users('testing@.example.org')/authentication/methods/{clientid}/resetPassword

I have given following permissions to the application.



Solution

  • Initially, I registered one Entra ID application and granted API permissions as below:


    Added the above application to the User Administrator directory role like this:


    Now, I generated an OAuth token using the client credentials flow via Postman with the below parameters:

    POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
    grant_type:client_credentials
    client_id:appID
    client_secret:secret
    scope: https://graph.microsoft.com/.default
    


    When I used this token to reset the user's password by calling the below API, I too got the same error:

    POST https://graph.microsoft.com/v1.0/users/userID/authentication/methods/methodId/resetPassword
    {
        "newPassword": "xxxxxxx"
    }
    


    The error occurred because the reset user's password operation does not support Application permissions, as mentioned in this MS Doc.

    Alternatively, you can make use of the Update user API call to reset the user's password by updating the passwordProfile property like this:

    PATCH https://graph.microsoft.com/v1.0/users/{id}
    {
      "passwordProfile": {
        "forceChangePasswordNextSignIn": false,
        "password": "xxxxxxxx"
      }
    }
    


    Reference: Update user - Microsoft Graph v1.0
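
The following is an added example, not code from the question or the answer. It classifies a Graph access token as app-only or delegated from its `roles`/`scp` claims (the distinction behind the resetPassword error) and builds the PATCH request from the answer. It assumes a token was already obtained with the client credentials flow; the helper names, the constructed token, the generated temporary password and the `forceChangePasswordNextSignIn: true` default are choices made for this example.

```python
import base64, json, secrets, string, urllib.parse, urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def token_kind(access_token):
    """Classify a token by its claims. Diagnostic only: the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)           # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims.get("scp"):                          # delegated tokens carry scopes in "scp"
        return "delegated", claims["scp"].split()
    return "application", claims.get("roles", [])  # app-only tokens carry "roles"

def temp_password(length=20):
    """Random temporary password containing upper, lower and digit characters."""
    alphabet = string.ascii_letters + string.digits + "!#$%*-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) \
                and any(c.isdigit() for c in pw):
            return pw

def build_password_patch(access_token, user_id, password, force_change=True):
    """Build (do not send) the Update user request that sets passwordProfile."""
    # force_change defaults to True here so the administrator-set value is temporary;
    # the answer's sample body used false.
    body = {"passwordProfile": {"forceChangePasswordNextSignIn": force_change,
                                "password": password}}
    url = f"{GRAPH}/users/{urllib.parse.quote(user_id, safe='@')}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def constructed_token(claims):
    """Unsigned sample token, constructed for this example only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tok = constructed_token({"roles": ["UserAuthenticationMethod.ReadWrite.All"]})
    kind, perms = token_kind(tok)
    print(kind, perms)  # an app-only token: resetPassword rejects it, PATCH /users is the route
    req = build_password_patch(tok, "userID", temp_password())
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send the request with a real token and user id.
```
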