Adding userGrants in Post Creation trigger (external auth flow) fails for Entra
Hi, I'm evaluating Zitadel for SSO and identity brokering. I'm following this guide to set up role authorizations based on information in claims from Entra ID.
I want to achieve something similar to what is described in questions-help-bugs: "Add userGrants in Post Authentication trigger (external auth flow)" or https://discord.com/channels/927474939156643850/1255453819286851645 but for the Post Creation trigger.
In a nutshell, I would like to assign roles to users created by logging in through SSO via MS Entra. After setting up SSO with Entra and verifying that it works, I followed the guide linked above but got "Errors.UserGrant.NoPermissionForProject (EVENT-Shu7e)" in the UI and the following log:
time="2025-08-19T11:01:46Z" level=info auth_req_id=334043235674488835 caller="/home/runner/work/zitadel/zitadel/internal/api/ui/login/renderer.go:353" error="ID=EVENT-Shu7e Message=Errors.UserGrant.NoPermissionForProject"
This message doesn't make sense to me, as setting up authorization for this project is exactly what I'm trying to do in the action. Could you point me to some specific troubleshooting steps for this error? The user gets created but is not assigned to the project with any role. I'm running self-hosted v4.0.2.
Thanks in advance!

