PAM-CMN-5360: Failed to get Azure API access token. invalid_grant

Article ID: 267770

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We want to integrate our CA PAM appliances with Azure AD for user authentication. We have tried to register a new app in Azure for this but are struggling to configure it in the CA PAM appliance.

The following error is displayed in the Tomcat logs:

23-06-06T12:41:23.901+0000 SEVERE [TP1] com.ca.pam.rest.AzureConnectionService.getSubscriptions Call to Gatekeeper service controller failed: PAM-CMN-5360: Failed to get Azure API access token. invalid_grant : The user or administrator has not consented to use the application with ID '<application id>' named '<Account>'. Send an interactive authorization request for this user and resource.
Trace ID: bb7886f6-33e9-4c51-a59c-475938157702
Correlation ID: f3657d29-fd17-45ff-9ec6-8d55b16ae28f
Timestamp: 2023-06-06 12:41:23Z
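
To check whether a PAM-CMN-5360 entry is this missing-consent case rather than another token failure, the Tomcat log can be parsed as below. This is an added example, not Broadcom code; the sample log is constructed from the excerpt above with placeholder IDs, and the `invalid_client` entry and the function name are assumptions for illustration.

```python
import re

# Constructed sample modelled on the excerpt in this article; all IDs are placeholders.
SAMPLE_LOG = """\
23-06-06T12:41:23.901+0000 SEVERE [TP1] com.ca.pam.rest.AzureConnectionService.getSubscriptions Call to Gatekeeper service controller failed: PAM-CMN-5360: Failed to get Azure API access token. invalid_grant : The user or administrator has not consented to use the application with ID '00000000-0000-0000-0000-000000000000' named 'example-app'. Send an interactive authorization request for this user and resource.
Trace ID: 11111111-1111-1111-1111-111111111111
Correlation ID: 22222222-2222-2222-2222-222222222222
Timestamp: 2023-06-06 12:41:23Z
23-06-06T12:45:02.114+0000 INFO [TP1] com.example.Other constructed unrelated line
23-06-06T12:50:10.007+0000 SEVERE [TP2] com.ca.pam.rest.AzureConnectionService.getSubscriptions Call to Gatekeeper service controller failed: PAM-CMN-5360: Failed to get Azure API access token. invalid_client : constructed message
"""

ERROR_RE = re.compile(
    r"PAM-CMN-5360: Failed to get Azure API access token\.\s*(?P<code>\w+)\s*:\s*(?P<msg>.*)")
APP_RE = re.compile(r"application with ID '(?P<id>[^']*)' named '(?P<name>[^']*)'")
FIELD_RE = re.compile(r"^(Trace ID|Correlation ID|Timestamp):\s*(.+)$")


def find_token_failures(log_text):
    """Return one dict per PAM-CMN-5360 entry, with its continuation lines attached."""
    events, current = [], None
    for line in log_text.splitlines():
        err = ERROR_RE.search(line)
        if err:
            # consent_missing is True only for the case this article resolves.
            current = {
                "oauth_error": err["code"],
                "consent_missing": err["code"] == "invalid_grant"
                and "has not consented" in err["msg"],
            }
            app = APP_RE.search(err["msg"])
            if app:
                current["app_id"], current["app_name"] = app["id"], app["name"]
            events.append(current)
            continue
        field = FIELD_RE.match(line.strip())
        if field and current is not None:
            # "Trace ID" -> "trace_id", "Correlation ID" -> "correlation_id"
            current[field[1].lower().replace(" ", "_")] = field[2].strip()
        elif line.strip():
            current = None  # any other log line ends the multi-line entry
    return events


if __name__ == "__main__":
    for event in find_token_failures(SAMPLE_LOG):
        print(event)
```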

 

Environment

Release : 4.1.3 and below

Cause

A bug in the documentation made its meaning misleading, so this one step was skipped.

Resolution

  • Open the App that you created.
  • In the Manage menu, select API Permissions.
  • On the API Permissions panel, select +Add a permission.
  • On the Request API Permissions page, select Azure Service Management.
  • Select Delegated permissions.
  • Under Select permissions, type to search for "directory."
  • In the search results, select user_impersonation (Access Azure Service Management as organization users (preview)).
  • Select Add Permissions.
  • Under Grant consent, select Grant admin consent for [your directory].
  • Select Yes.
  • Close API permissions.
  • On the application Manage menu, select Authentication.
  • Scroll down to Default client type. Select Yes.
  • Select Save.