Unable to fetch the group list from the Azure Active Directory through Enterprise App

Question

We are trying to integrate the Azure Active Directory (using Graph API) with java web-based custom LDAP application to sync groups. As a first step, we can authenticate and get tokens, but facing error

Authorization_IdentityNotFound, the identity of the calling application could not be established, Request ID: cec7a25c-0af6-4c6a-99f714d80a01ad85

while trying to fetch the groups using graph API URL from Azure AD site.

Steps done for Azure AD Configuration:

1. Created app using “App Registration” in Azure Active Directory (From here we have taken application id (client id), tenant id- Used same in JAVA Application for integration).
2. Configured API Permission from the Azure active directory graph: a. Application Permission – Provided read access to Application, Directory, Domain, Member & Policy b. Delegated Permission – Provided read access to Directory, Member, Policy, Groups, and Users
3. Generated client secret key for the registered App.
4. Created users and groups – (Added users into the groups)
5. Graph API - https://graph.windows.net (This link used in application)
6. Active directory authority - https://login.microsoftonline.com/common/ (This link used in application)

What other configuration/permission level required to fetch Group List?

Answer 1

According to the error in your question, I guess you should be using the client credential flow, which generally uses application permissions. For this error, you only need to change the https://login.microsoftonline.com/common/ Replace common/ with tenant Id or domain name.