Can't get the management client (node) to connect: "Client is not authorized to access"

I’m trying to perform some management actions (create users etc). I cannot get it to connect. The following gives me an {"access_denied","error_description":"Client is not authorized to access \\"https://myaccount.eu.auth0.com/api/v2/\\". You might probably want to create a \\"client-grant\\" associated to this API. See: https://auth0.com/docs/api/v2#!/Client_Grants/post_client_grants"},

const { ManagementClient } = require("auth0");

var management = new ManagementClient({
  domain: "myaccount.eu.auth0.com",
  clientId: "XXX",
  clientSecret: "XXX",
});

management
  .getUsers()
  .then((result) => {
    console.log(result);
  })
  .catch((err) => {
    console.error(err);
  });

“Grant Types” has client credentials enabled in the advanced settings:

I’ve also tried with the additional settings audience: "my-api-identifier" (which gives “401 Invalid token”) and scope: "read:users update:users create:users" (which gives "{"error":"access_denied","error_description":"Client has not been granted scopes: read:users, update:users, create:users"}')

Do I have to connect to the “SYSTEM API” to be able to read/create users?