<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Azure AD Connector "Assign Role to User" Card Fails with a "404 Not Found" Error in Okta Workflows
Jun 13, 2025
Okta Classic Engine
Okta Identity Engine
Workflows
Overview

The Azure Active Directory connector "Assign Role to User" card is used to assign built-in Administrative roles to users in Entra ID, using Okta Workflows.  When attempting to assign a valid built-in role to an existing user in Entra ID, the card may return the following 404 Not Found error, indicating that the role does not exist:

{
  "_error": true,
  "retry_count": 0,
  "flo": 903266,
  "method": "Q3DG9qucW",
  "execution": "593bca74-8e58-4e54-9f48-4fa8aebc0ea1",
  "module": "office365admin.assignRoleToUser",
  "kind": "HTTP Request Error",
  "statusCode": 404,
  "headers": {
    "client-request-id": "742d5d45-0aa4-4cc4-8c93-b95a7dd1708b",
    "cache-control": "no-cache",
    "x-ms-resource-unit": "1",
    "date": "Mon, 09 Jun 2025 16:45:46 GMT",
    "strict-transport-security": "max-age=31536000",
    "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"East US\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"006\",\"RoleInstance\":\"BL6PEPF0001B994\"}}",
    "content-type": "application/json",
    "transfer-encoding": "chunked",
    "request-id": "742d5d45-0aa4-4cc4-8c93-b95a7dd1708b"
  },
  "body": {
    "error": {
      "code": "Request_ResourceNotFound",
      "message": "Resource '5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91' does not exist or one of its queried reference-property objects are not present.",
      "innerError": {
        "date": "2025-06-09T16:45:47",
        "request-id": "742d5d45-0aa4-4cc4-8c93-b95a7dd1708b",
        "client-request-id": "742d5d45-0aa4-4cc4-8c93-b95a7dd1708b"
      }
    }
  },
  "message": "404 Not Found",
  "code": 404,
  "description": "HTTP Request Error",
  "steps": 89,
  "source": {
    "flo": "office365admin:1.0.202:customAPIAction",
    "method": "pkazAoR_MaJQ0",
    "execution": "20a3d765-28f3-4618-96d8-9d5193f9b128",
    "module": "http.call"
  },
  "_fatal": null
}

 

In addition, the Azure Active Directory connector "Read Directory Roles" card does not return the role in question, even though the role is a valid built-in role in Entra ID.

Applies To
  • Okta Workflows
  • Azure Active Directory connector
  • Assign Role to User card
Cause

The 404 Not Found error will occur when attempting to assign a role to a user and the role has not been activated in Entra ID. Not all built-in roles in Entra ID are initially activated (as documented in the Microsoft Graph List directoryRoles API). It is a Microsoft requirement that a role must be activated to assign users to it, which is also documented in the Microsoft Graph Activate directoryRole API.

 

Also, note that an error will be returned when attempting to assign a custom role to a user by using the "Assign Role to User" card in workflows, as it does not support custom roles. This is documented in the Azure Active Directory connector Assign Role to User card.

Solution

Activate the role in Microsoft Entra ID using one of the options described in the Microsoft List directoryRoles Graph API documentation:

  1.  Use the Activate directoryRole Graph API.
  2. Assign the role to a user using the Microsoft Entra admin center.

 

Related References

Recommended content

Still looking for help?
Loading
Azure AD Connector "Assign Role to User" Card Fails with a "404 Not Found" Error in Okta Workflows