Cannot Create App Registrations

Question

Cannot Create App Registrations

Hasan Özgür Güçlü 0

Hi,
I want to add an app registrations with a service principal auth on command line. But it gives me error below.

Insufficient privileges to complete the operation.

I login on powershell like below

az login --service-principal -u $env:AZUREPORTAL_SERVICEPRINCIPALFORAPP_APPID -p $env:AZUREPORTAL_SERVICEPRINCIPALFORAPP_SECRETVALUE --tenant $env:AZUREPORTAL_TENANTID

my service principal user: apps-ozgur-service-principal

it is Contributor.

User's image

it has these api permissions:

User's image

it has Cloud Application Administrator role

User's image

and users are allowed to register apps

User's image

But still it gives the error.

User's image

Hasan Özgür Güçlü 0 Reputation points

2023-03-30T17:46:16.4633333+00:00

By mistake, I replied again. And I cannot delete my answer. So I changed my duplicate answer with these sentences.

2 answers

Your answer

Hasan Özgür Güçlü 0 Reputation points

2023-03-30T17:46:16.4633333+00:00

By mistake, I replied again. And I cannot delete my answer. So I changed my duplicate answer with these sentences.

Answer 1

Anonymous

Hi Hasan Özgür Güçlü ,The error message "Insufficient privileges to complete the operation" indicates that the service principal does not have the necessary permissions to complete the operation. You can try to grant the service principal the required permissions by assigning the "Owner" role to it.

To assign the "Owner" role to the service principal, you can use the following command:

az role assignment create --assignee <service-principal-object-id> --role Owner

Replace <service-principal-object-id> with the object ID of the service principal. You can find the object ID of the service principal using the following command:

az ad sp show --id <service-principal-app-id> --query objectId

Replace <service-principal-app-id> with the application ID of the service principal.

Please let me know if this works or if you have any questions.

If this answer helped you please mark it as "Verified" so other users can reference it.

Thank you,

James

Hasan Özgür Güçlü 0 Reputation points

2023-03-30T17:46:01.9266667+00:00

Hi @James Hamil
Thank you for your response.
I tried what you wrote.
But the error did not change.

First, this is my service principal:

I copied object id of my service principal

then, I run the command you shared above:

after that, I logged in with this service principal

and finally, i tried to create an app

my current subscription IAM
Anonymous

2023-03-31T22:09:14.5066667+00:00

Hmm, can you send me an email at "azcommunity@microsoft.com" with subject ATTN: James Hamil, and attach your subscription ID? I can open a support ticket to look into your environment.

Best,

James
Hasan Özgür Güçlü 0 Reputation points

2023-04-03T05:54:04.2666667+00:00

Hi James,

I have just sent an email to you.

You can find my subscription Id in the email.

Thanks in advance.

Answer 2

Alexandru Silivestru 0

Hi @James Hamil , Hasan Özgür Güçlü What was the fix for that issue? I encounter the same problem.

Thank you!

Alexandru Silivestru 0 Reputation points

2023-09-12T14:35:29.91+00:00

In my case the issue was due to inability to "Grant Admin consent" for the AD tenant.

Share via

Cannot Create App Registrations

2 answers

Your answer