I am currently trying to implement access packages with ServiceNow request. The whole workflow should be as follows: Access Package gets created> AP gets approved > Logic App triggers on approved status and sends the data to SNOW> Request is opened in SNOW> Once request is completed in SNOW a POST request is sent to Azure to complete the access package. I've been following this article https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-ticketed-provisioning#requesting-access-to-an-access-package-as-an-end-user.
However, I have been getting Bad request when I try to ping the endpoint. At first, I thought the issue was from SNOW not being able to map the correct ID, however I tested the POST in Postman and I still get the BadRequest error:
The endpoint has a variable in it, I took it from the article https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/${AccessPackageAssignmentRequestId}/resume and the HTTP body is:
{
"data": {
"@odata.type": "#microsoft.graph.accessPackageAssignmentRequestCallbackData",
"customExtensionStageInstanceDetail": "Resuming-Assignment for user",
"customExtensionStageInstanceId": "${StageInstanceId}",
"stage": "${Stage}"
},
"source": "ServiceNow",
"type": "microsoft.graph.accessPackageCustomExtensionStage.${Stage}"
}
Output:
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'accessPackageAssignmentRequests'.",
"innerError": {
"date": "2024-04-17T07:51:11",
"request-id": "2662a872-1251-4889-96c2-c8fd4220c24b",
"client-request-id": "2662a872-1251-4889-96c2-c8fd4220c24b"
}
}
}
Seems that the endpoint is either not correct as I tried directly inputting the IDs into the body and endpoint but I get the same result. Any ideas?
I tried using the IDs directly into the body and endpoint but I still got the same issue.
We managed to fix the issue with Microsoft Support. It appears that the endpoint is wrong. It should be:
https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/AssignmentRequests/${AccessPackageAssignmentRequestId}/resume
Also, it wasn't mentioned in the article that my API needs the EntitlementManagement.ReadWrite.All
permissions.
Lastly, I needed to change the Content-Type in the REST message in ServiceNow
to application/json
.