none
Azure Privileged Identity Management - selfActivate API requires Multi-Factor Authentication

    Question

  • I tried to work around with beta version of Privileged Identity Management (PIM) service. Everything is good for me. I can retrieve roles and update/delete assigned roles,... through API at https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/privilegedidentitymanagement_root.

    But, I just got an issue when working with selfActive API (https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/privilegedrole_selfactivate), it's failed with "Elevation requires Multi-Factor Authentication." message.

    I used Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer) to make below request:
    - Endpoint: https://graph.microsoft.com/beta/privilegedRoles/95e79109-95c0-4d8e-aee3-d01accf2d47b/selfActivate
    - Request Body: 
    {

      "reason": "reason",
      "duration": "",
      "ticketNumber": "",
      "ticketSystem": ""
    }
    - Response:

    client-request-id: 7f99a77c-bb3d-4205-aaed-2e52cb247524
    content-type: application/json
    cache-control: private
    request-id: 7f99a77c-bb3d-4205-aaed-2e52cb247524
    Status Code: 401
    {
        "error": {
            "code": "UnknownError",
            "message": "Elevation requires Multi-Factor Authentication.",
            "innerError": {
                "request-id": "7f99a77c-bb3d-4205-aaed-2e52cb247524",
                "date": "2017-05-02T07:05:16"
            }
        }
    }


    I tried to solve them by using Azure Multi-Factor Authentication, but failed. I don't know what should I do to solve this issue exactly? --Thanks!

    Tuesday, May 2, 2017 7:55 AM