New users were added to Azure Active Directory, but one or both of the following errors occur when Refresh Azure SAML Users is clicked in PAM to add them.
PAM-CMN-5361: Failed to access Azure API: Request_BadRequest – The Request URI is not valid. Since the segment ‘Microsoft.DirectoryServices.User’ refers to a collection, this must be the last segment in the request URI. All Intermediate segments refer to a single resource
PAM-CMN-5361: Failed to access Azure API: Authorization_RequestDenied – Insufficient privileges to complete the operation…
Privileged Access Manager, all versions
The Azure SAML user refresh is meant to remove users from PAM who no longer belong to any of the Azure groups that are integrated with PAM. It is not meant to add users. Users are added automatically by Just In Time provisioning, so there is no need to add them with a refresh.