search cancel

PAM-CMN-5361: Failed to access Azure API message when trying Refresh Azure Users.

book

Article ID: 214519

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When trying refresh users from Azure getting this error

PAM-CMN-5361: Failed to access Azure API: Request_BadRequest – The Request URI is not valid. Since the segment ‘Microsoft.DirectoryServices.User’ refers to a collection, this must be the last segment in the request URI. All Intermediate segments refer to a single resource and PAM-CMN-5361: Failed to access Azure API: Authorization_RequestDenied – Insufficient privileges to complete the operation…

 

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

The Azure SAML user group refresh is meant to remove users from PAM that no longer belong to any of the groups in Azure that are integrated with PAM. It's not meant to add users. Users are added automatically by Just In Time provisioning, no need to add them with a refresh.