00uwqxphfHZZCGGKo351.5632069269073962E12 (TPICAP) asked a question.
Hi,
I am receiving the following error "errorCode: E0000006 | errorSummary: You do not have permission to perform the requested action" when updating a custom profile field to a newly added active directory user account.
When the user account is newly imported for the first time. The custom profile field does not have a value therefor when a update it with a value I assume it needs to add the field to the profile in the background but I could be wrong.
If the active directory already has a value set, there is no error and i am free to update without errors.
The permissions of the API account has the roles:
Group Membership Administrator
Help Desk Administrator
Read-only Administrator
Given that the API account has Group Membership Administrator i would have thought it would have the ability to update a profile field using the API but does not seem to work.
Can someone give me some idea of how to grant the correct permissions without needing the Super Administrator role
Regards,
Seng
I think any of the following standard admin roles will do the trick (https://help.okta.com/en-us/Content/Topics/Security/administrators-learn-about-admins.htm):
Another option would be to create a custom admin role and only select the needed permissions under the "Manage users" under the "User Type". https://help.okta.com/en-us/Content/Topics/Security/custom-admin-role/custom-admin-roles.htm