Introduction
Do you experience issues with importing, editing or creating users? This article will guide you through some basic troubleshooting for manual user management.
Do you experience problems with user management while running the Azure AD synctool or SCIM? Check out the articles:
Self-hosted? From V3.50 we have made some changes to our hosted platform to make user management less prone to error. Make sure the Workspace is up to date to the latest production version and disable the setting "PropagateUserChangesToActiveDirectory".
Errors & Solutions
"Error loading Office 365 users" and/or "AADSTS700082: The refresh token has expired due to inactivity"
Explanation: this error message occurs when you are trying to import users manually from Microsoft 365 (groups).
Solution:
Check if oAuth2 is enabled in Workspace.
You may have to temporarily disable MFA for the admin account.
If you see the error message "AADSTS700082: The refresh token has expired..." in the Workspace logs, it means that the access is expired from the admin. Sign into Microsoft 365 regularly with the admin account to prevent the access token from expiring.
User import option is missing
Explanation: from the Workspace admin setting under 'User management' ('Users & groups'), the option to import users from Office 365 (groups) is not visible in the action bar menu.
Solution: temporarily disable the sync under the User provisioning settings in Workspace, because users cannot be imported when the sync is enabled and running.
Not able to edit, restore or delete users
Explanation: perhaps you want to edit a user or restore a user from the deleted user list? However, this option is not available to you.
Note: If you run the Azure AD synctool, you may want to check out our troubleshooting article for the Azure AD synctool on user synchronization issues.
Solution:
Go to the User provisioning page.
Temporarily disable the sync.
Click 'Done'.
Now, you can for example restore a user from the deleted user list.
If you restore a user, make sure this user is marked as 'Active' (see: Licensing page).
Go back to the User provisioning page.
Enable the sync.
Click 'Done'.
Not able to make a Workspace user administrator
We have dedicated an article to this topic: How to make someone an administrator.
Issues with performing administrative tasks due to UPN change (on-premise)
Explanation: is the UPN of the Global Administrator different in the on-premise AD compared to Microsoft Entra ID (previously called Azure AD)? Then you may run into some problems performing administrative tasks with this user account.
Solution: we recommend keeping the UPN the same, because Workspace may think this administrator does not have sufficient administrative privileges, because the UPN does not match with the on-premise AD.