Share via

Unable to Renew API Connection Authorization in Logic App with Non-People Account

Lianpeng Sun 40 Reputation points Microsoft Employee
2026-03-17T08:56:26.08+00:00

Hello Azure Support Team,

We are experiencing an issue when attempting to renew the authorization for an API connection associated with a Logic App.

  • The error message we receive is:
You don’t have access to this.

The account used for authorization is a Non-People Account, previously able to successfully renew authorization without issues.

This issue is blocking our ability to maintain the Logic App’s connection. Could you please advise why this Non-People Account is no longer able to renew the authorization, and what steps are required to resolve this?

Screenshot of the authorize error is below.image

Thank you for your assistance.

Azure Logic Apps
Azure Logic Apps

An Azure service that automates the access and use of data across clouds without writing code.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Kumar Gudipudi 2,275 Reputation points Microsoft External Staff Moderator
    2026-03-17T09:16:52.5066667+00:00

    Hello Lianpeng Sun,

    The error “You don’t have access to this” (Error Code: 53003) indicates that the sign-in was successful, but access is being blocked by a policy—most commonly a Conditional Access policy in Azure AD (Microsoft Entra ID).

    The policy may require conditions like:

    Compliant or managed device

    Specific network/location

    MFA (which service accounts cannot satisfy)

    1. Exclude the account from Conditional Access (quick fix)

    Work with your Entra ID admin to:

    Review Conditional Access policies affecting this app/account

    Add an exclusion for <removed PII>@microsoft.com

    Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.

     

  2. Q&A Assist
    2026-03-17T08:56:43.88+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The behavior indicates an authorization/identity problem on the connection rather than a Logic Apps runtime issue. Based on the available information, the supported remediation is to reauthorize or recreate the connection using a valid identity and ensure the correct access policies are in place.

    Use the following steps:

    1. Verify the non‑people account status
      • Confirm in Microsoft Entra ID that the non‑people account used for the connection is:
        • Not deleted or disabled.
        • Not blocked by Conditional Access or DLP policies.
      • If the account was deleted or disabled, any connections it owns become invalid. Another user with access must reauthorize the connection to update ownership and restore functionality.
    2. Check for password or token issues
      • If the non‑people account’s password was changed, expired, or reset, existing tokens for the connection are invalid.
      • In that case, edit the existing API connection in the Azure portal and re‑sign in, or create a new connection using the updated credentials.
    3. Check Microsoft Entra ID configuration and Conditional Access
      • If tenant‑level changes were made (MFA requirements, device compliance, location restrictions, or other Conditional Access policies), the non‑people account might no longer satisfy those requirements, causing token issuance to fail and resulting in access errors.
      • Work with the tenant administrator to:
        • Review Conditional Access and DLP policies.
        • Ensure the non‑people account is allowed to sign in and obtain tokens.
        • Reauthorize the connection after any policy changes.
    4. Confirm device and DLP conditions
      • If policies require a domain‑joined or compliant device, and the non‑people account is being used in a context that does not meet those conditions, token issuance can be blocked.
      • The tenant admin should verify:
        • No DLP or Conditional Access policy is blocking the connector or this account.
        • Any required device compliance or Intune enrollment conditions are satisfied.
    5. Reauthorize or recreate the connection
      • In the Logic App’s API connection resource (Microsoft.Web/connections):
        • Try Edit API connection and reauthorize with a valid identity that meets all Entra ID and Conditional Access requirements.
        • If reauthorization fails, create a new API connection using either:
          • A service principal/managed identity (recommended for non‑people scenarios where possible), or
          • Another suitable account that is allowed to sign in and is not subject to blocking policies.
      • Ensure the Logic App uses the new or reauthorized connection.
    6. Consider managed identity for long‑term stability
      • For Logic Apps that access protected Azure resources, use a managed identity and configure the API connection to authenticate with that identity. This avoids password expiry and many user‑based Conditional Access issues.
      • When using managed identity, ensure the Microsoft.Web/connections resource has an access policy that includes the correct object ID and tenant ID for the identity.

    If the non‑people account has been disabled or its use is now restricted by policy, the durable fix is to move the Logic App connection to a supported identity (service principal or managed identity) and reauthorize the connection under that identity.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.