This guide explains how to resolve the Authorization_RequestDenied (403) MicrosoftGraph failed to get user: Insufficient privileges to complete the operation error when connecting Microsoft 365 services (OneDrive, Outlook, Excel Online, etc.) to Bardeen. The issue occurs when Microsoft Entra ID (Azure AD) assigns only the basic User.Read scope during the first consent, leaving four required Microsoft Graph permissions missing.
Follow the steps below to grant the missing permissions and complete the connection:
Step 1: Confirm the Symptoms
1. In Bardeen, attempt to connect OneDrive/Outlook.
2. You receive the error Authorization_RequestDenied (403): Insufficient privileges to complete the operation.
3. In the Azure Portal, the **Admin consent** table for the Bardeen application shows only one row (User.Read).
*Step 2 explains how to get here.
Step 2: Locate the Permissions Page in Azure Portal
1. Sign in to the Azure Portal with a Global Admin (or Cloud Application Administrator) account at https://entra.microsoft.com/
2. Navigate to Identity ▶ Applications ▶ Enterprise applications.
3. Search for and select Bardeen.
4. In the left menu, click Permissions.
Step 3: Grant Admin Consent Until All Five Scopes Appear
1. On the Permissions page, click the blue Grant admin consent button.
2. Wait for the pop-up to finish and then refresh the page.
3. If the table still shows only one row, repeat the button click and refresh. Microsoft sometimes needs two or three attempts.
4. Stop when the table lists all five delegated scopes:
• User.Read
• openid
• profile
• offline_access
• Files.ReadWrite.All
Step 4: (Optional) Re-connect as Admin with Tenant-wide Consent
If the connection was originally started by an **admin** and still fails:
1. Start the integration again from Bardeen.
2. Sign in with the admin account.
3. Check the box Consent on behalf of your organization in the Microsoft prompt (see image below).
4. Click Accept and verify the permissions table now shows all five scopes. If not, repeat Step 3.
Step 5: Verify the Connection
1. Return to Step 3 and verify that the permissions table is populated correctly.
2. Regular users can now connect without additional admin action.
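The same check can be scripted. The following is an added example, not part of the original guide or Bardeen's own tooling: it reads a listing of delegated permission grants in the shape Microsoft Graph returns for `oauth2PermissionGrants` and reports which of the five scopes are still missing from the tenant-wide (`AllPrincipals`) grant. The sample response and all IDs in it are constructed placeholders.

```python
import json

# The five delegated scopes the guide says must appear in the admin consent table.
REQUIRED_SCOPES = ("User.Read", "openid", "profile", "offline_access", "Files.ReadWrite.All")

# Constructed sample in the shape of a Microsoft Graph oauth2PermissionGrants
# listing for one service principal. All IDs are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"clientId": "sp-bardeen-placeholder", "consentType": "AllPrincipals",
         "principalId": None, "resourceId": "sp-graph-placeholder",
         "scope": "User.Read"},
        {"clientId": "sp-bardeen-placeholder", "consentType": "Principal",
         "principalId": "user-1-placeholder", "resourceId": "sp-graph-placeholder",
         "scope": " User.Read openid profile offline_access Files.ReadWrite.All"},
    ]
})


def audit_grants(response_text, required=REQUIRED_SCOPES):
    """Split granted scopes into tenant-wide and per-user sets and list what is missing."""
    tenant_wide = set()
    per_user = {}
    for grant in json.loads(response_text).get("value", []):
        # "scope" is a space-separated string; compared case-insensitively as a defensive choice.
        scopes = {s.lower() for s in (grant.get("scope") or "").split()}
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes          # admin consent, applies to every user
        elif grant.get("principalId"):
            per_user.setdefault(grant["principalId"], set()).update(scopes)
    missing = [s for s in required if s.lower() not in tenant_wide]
    # Scopes a user consented to individually that the tenant-wide grant lacks.
    user_only = {
        user: sorted(s for s in required if s.lower() in scopes and s.lower() not in tenant_wide)
        for user, scopes in per_user.items()
    }
    return {
        "complete": not missing,
        "missing_tenant_wide": missing,
        "user_only": {u: s for u, s in user_only.items() if s},
    }


if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_RESPONSE), indent=2))
```

A non-empty `user_only` entry means Files.ReadWrite.All or another scope was granted to an individual account rather than tenant-wide, which is worth reviewing if your policy restricts that scope.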
Additional Notes
- If your security policy restricts Files.ReadWrite.All, create a separate security group for Bardeen and assign the enterprise application only to that group.
- Still stuck? Verify that the five scopes are present in Azure Portal, then retry the connection from Bardeen.