Authorization Error – Unsupported Token or Access Forbidden

Error: Authorization Error – Unsupported Token or Access Forbidden

When the error is for a specific tenant:

This error means that your Sync 365 account does not have the required permissions to connect to the customer tenant.

Cause: Your GDAP relationship may be missing the appropriate roles, or your account is not in the correct security group tied to the relationship.

Resolution

Check and resolve your partner relationship configuration:

• Ensure the GDAP relationship exists for the customer tenant
• Confirm that the security group used in the GDAP relationship includes your Sync 365 delegated admin account
• Make sure the security group has the following roles:
  • Application Administrator
  • Global Reader

Step-by-step instructions here: Checking your GDAP relationship

When the error is for Partner Center Tenant Update:

This can be caused if the delegated admin user does not have access to the Microsoft Partner Center, or during the grant partner center consent, MFA was not prompted.

When MFA is not prompted in this process the Partner Center will refuse the connection.

Resolution

Ensure MFA is enabled and enforced on the account, then:

1. From your Sync 365 dashboard, navigate to the Customers tab.

2. Click the Delegated Admin tab.

3. Click on Add > “Grant Partner Center Consent”
   

4. You will be prompted to log in to Office 365 using the Partner Center account created in Step 1.

   1. You may need a Global Admin to approve the app if restricted in your environment.

   2. Ensure you are prompted for MFA during this process, otherwise Microsoft will block the connection.

      1. Select "Consent on behalf of your organization"
      2. Click on “Accept” to grant consent.