Error: Could not retrieve Global Service Principal ID Error: Error: {}

Question

Error: Could not retrieve Global Service Principal ID Error: Error: {}

Axelle Hillewaere - Savaco 25

When I want to approve the requests in the API Access I get following error: User's image

I followed this article (https://ericschrader.wordpress.com/2020/06/23/sharepoint-online-bad-service-principal-breaks-sharepoint-admin-api-access-global-service-principal-id-error-resolved/) and deleted the “SharePoint Online Client Extensibility Web Application Principal Helper”, but that didn't help.
I currently have the role as SharePoint Administrator (no global admin). Can this be the reason or how can I solve this?

Anonymous

2023-05-12T09:41:54.23+00:00

Thanks for your question.

We are currently looking into this issue and will give you an update as soon as possible.

Thank you for your understanding and support.
Eliot Cole 71 Reputation points

2024-03-28T10:26:10.53+00:00

This is still an issue, even with Application Administrator, or Global Administrator, the issue still occurs.

I'm wondering if the above user has (as I did) installed an app for the first time to SharePoint, which engages it to provision this infrastructure itself. The user provisioning this has ONLY the SharePoint Administrator role, as should be allowable.

With two different users this doesn't work, and I have tried removing the helper app, and then trying the Enable-SPOTenantServicePrincipal command afterwards ... still nothing.

Accepted answer

0 additional answers

Your answer

Anonymous

2023-05-12T09:41:54.23+00:00

Thanks for your question.

We are currently looking into this issue and will give you an update as soon as possible.

Thank you for your understanding and support.
Eliot Cole 71 Reputation points

2024-03-28T10:26:10.53+00:00

This is still an issue, even with Application Administrator, or Global Administrator, the issue still occurs.

I'm wondering if the above user has (as I did) installed an app for the first time to SharePoint, which engages it to provision this infrastructure itself. The user provisioning this has ONLY the SharePoint Administrator role, as should be allowable.

With two different users this doesn't work, and I have tried removing the helper app, and then trying the Enable-SPOTenantServicePrincipal command afterwards ... still nothing.

Answer 1

RaytheonXie_MSFT 40,471 Microsoft External Staff

Hi @Axelle Hillewaere - Savaco

The admin role that's required to approve permissions depends on the API. To approve permissions to any of the third-party APIs registered in the tenant, the application administrator role is sufficient. To approve permissions for Microsoft Graph or any other Microsoft API, the Global Administrator role is required. The API access page is not available for people signed in with the global reader role.

If you have globe admin role, you can go to Azure AD -> Enterprise Applications and remove Application Type as a filter and check if you have following 2 apps

SharePoint Online Client Extensibility Web Application Principal
SharePoint Online Client Extensibility Web Application Principal Helper

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2023-05-18T07:39:30.76+00:00

Hi @Axelle Hillewaere - Savaco

Did the answer help you? If there's anything you'd like to know, don't hesitate to ask.
RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2023-05-26T05:53:42.58+00:00

Hi @Axelle Hillewaere - Savaco

am checking to see if the problem has been resolved.

Share via

Error: Could not retrieve Global Service Principal ID Error: Error: {}

0 additional answers

Your answer