Unable to use a Service Principal with API privileges to create new app registrations.

Desmond Sindatry
My service principal has been granted all these API permissions, including Application.ReadWrite.All (see the screenshot below). Then I tried the steps below to create a new app registration:

az login --service-principal --tenant xxxx-3625-45b3-a430-9552373a0c2f -u xxxx-eb3b-4864-9512-5f403b41a037 -p xxxxx

az account set --subscription sas-ssod-sdmgt

az ad app create --display-name mas-observability-dev-hmr --available-to-other-tenants false

ERROR: Insufficient privileges to complete the operation.

What else am I missing? How will `az ad app create` work using that service principal?

[screenshot of the service principal's granted API permissions, not reproduced here]



1 answer

2023-05-27T06:33:00.8166667+00:00

Hello @Desmond Sindatry, in order to be able to create Azure AD app registrations the principal (user or application/service) must belong to an Azure AD role that possesses the microsoft.directory/applications/create permission, such as the Cloud Application Administrator role. Follow the steps detailed in Assign a role, but selecting a service principal instead of a user.

Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

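The role assignment the answer describes, done from the command line instead of the portal, as an added example that is not part of the original post or answer and is not Microsoft's documented script. It uses only `az rest` against Microsoft Graph and assumes Azure CLI 2.37 or later (the Microsoft Graph based `az ad` commands, where `az ad sp show` returns the object id as `id`), that you run it logged in as an administrator who is allowed to assign directory roles (Privileged Role Administrator or Global Administrator), never as the service principal being fixed, and that the app id, object id and script name below are placeholders. The `DRY_RUN=1` switch and the `list_app_role_assignments` check are my additions: the first prints the exact Graph call before anything touches the tenant, the second shows which application permissions actually received admin consent, which is the other thing worth verifying when an app-only principal gets "Insufficient privileges".

```shell
#!/bin/sh
# Grant a service principal a directory role via Microsoft Graph, using az rest.
# Run as an administrator who may assign roles (Privileged Role Administrator
# or Global Administrator), not as the service principal you are fixing.
# Assumes Azure CLI >= 2.37 (Microsoft Graph based; `az ad sp show` returns `id`).
set -eu

GRAPH="https://graph.microsoft.com/v1.0"

# Built-in Entra ID role template IDs. For built-in roles the
# unifiedRoleDefinition id equals the template id, so it is usable directly
# as roleDefinitionId. All three carry microsoft.directory/applications/create.
role_template_id() {
  case "$1" in
    "Cloud Application Administrator") echo "158c047a-c907-4556-b7ef-446551a6b5f7" ;;
    "Application Administrator")       echo "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" ;;
    "Application Developer")           echo "cf1c38e5-3621-4004-a7cb-879624dced7c" ;;
    *) echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# JSON body for POST /roleManagement/directory/roleAssignments.
# directoryScopeId "/" is tenant-wide; pass "/administrativeUnits/<id>" as the
# third argument to confine the role to one administrative unit.
assignment_body() {
  printf '{"@odata.type":"#microsoft.graph.unifiedRoleAssignment","roleDefinitionId":"%s","principalId":"%s","directoryScopeId":"%s"}' \
    "$1" "$2" "${3:-/}"
}

# Execute a command, or only print it when DRY_RUN=1 so the exact Graph call
# can be reviewed before it changes the tenant.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'DRY-RUN: %s\n' "$*"
  else
    "$@"
  fi
}

# Object id of the service principal (not the app registration's object id):
# directory role assignments and app role assignments hang off the service principal.
sp_object_id() {
  az ad sp show --id "$1" --query id -o tsv
}

# Show the application permissions (app roles) actually granted to the service
# principal, i.e. whether admin consent was given. Application.ReadWrite.All on
# Microsoft Graph is app role id 1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9; an empty
# list means consent was never granted.
list_app_role_assignments() {
  run az rest --method GET \
    --url "$GRAPH/servicePrincipals/$1/appRoleAssignments" \
    --query "value[].{resource:resourceDisplayName,appRoleId:appRoleId}" -o table
}

# Assign the directory role to the service principal tenant-wide.
assign_directory_role() {
  sp_oid="$1"; role_name="$2"
  role_id=$(role_template_id "$role_name")
  run az rest --method POST \
    --url "$GRAPH/roleManagement/directory/roleAssignments" \
    --headers "Content-Type=application/json" \
    --body "$(assignment_body "$role_id" "$sp_oid")"
}

# Usage (placeholder values; script name assumed):
#   DRY_RUN=1 SP_APP_ID=xxxx-eb3b-4864-9512-5f403b41a037 ROLE="Application Developer" sh assign-role.sh
# Nothing runs unless SP_APP_ID is set, so the file can also be sourced for its functions.
if [ -n "${SP_APP_ID:-}" ]; then
  oid=$(sp_object_id "$SP_APP_ID")
  list_app_role_assignments "$oid"
  assign_directory_role "$oid" "${ROLE:-Cloud Application Administrator}"
fi
```

Two practitioner notes. Cloud Application Administrator can add credentials to every app registration and enterprise app in the tenant, so whoever holds the automation principal's secret can mint credentials for other applications; if the principal only needs to create registrations it will own, Application Developer is the narrower built-in role, and an administrative-unit scope narrows either further. And the principal cannot grant itself a role: a service principal holding only Application.ReadWrite.All has no right to call roleManagement, which is why the script is meant to be run under an administrator's login.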