Authorization Error – Unsupported Token or Access Forbidden

Modified on Sat, 3 May at 5:23 AM

Error: Authorization Error – Unsupported Token or Access Forbidden

When the error is for a specific tenant:

This error means that your Sync 365 account does not have the required permissions to connect to the customer tenant.



Cause: Your GDAP relationship may be missing the appropriate roles, or your account is not in the correct security group tied to the relationship.

Resolution

Check and resolve your partner relationship configuration:

  • Ensure the GDAP relationship exists for the customer tenant
  • Confirm that the security group used in the GDAP relationship includes your Sync 365 delegated admin account
  • Make sure the security group has the following roles:
    • Application Administrator
    • Global Reader

Step-by-step instructions here: Checking your GDAP relationship


When the error is for Partner Center Tenant Update:

This can be caused if the delegated admin user does not have access to the Microsoft Partner Center, or during the grant partner center consent, MFA was not prompted.

When MFA is not prompted in this process the Partner Center will refuse the connection.


Resolution

Ensure MFA is enabled and enforced on the account, then:

  1. From your Sync 365 dashboard, navigate to the Customers tab.

  2. Click the Delegated Admin tab.

  3. Click on Add > “Grant Partner Center Consent”
  4. You will be prompted to log in to Office 365 using the Partner Center account created in Step 1.

    1. You may need a Global Admin to approve the app if restricted in your environment.

    2. Ensure you are prompted for MFA during this process, otherwise Microsoft will block the connection.

      1. Select "Consent on behalf of your organization"
      2. Click on “Accept” to grant consent.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article