Unable to use a Service Principal with API privileges to create new app registrations.

Desmond Sindatry 46 Reputation points
2023-05-26T15:46:24.34+00:00
  1. My service principal has been granted all these API permissions including Application.ReadWrite.All (pic below). Then I tried the below steps to create a new app registration

az login --service-principal --tenant xxxx-3625-45b3-a430-9552373a0c2f -u xxxx-eb3b-4864-9512-5f403b41a037 -p xxxxx

az account set --subscription sas-ssod-sdmgt

az ad app create --display-name mas-observability-dev-hmr --available-to-other-tenants false

ERROR: Insufficient privileges to complete the operation.

What else am i missing ? How will the az ad app create using that service principal ?

User's image

Report a concern

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,501 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2023-05-27T06:33:00.8166667+00:00

    Hello @Desmond Sindatry , in order to be able to create Azure AD app registrations the principal (user or application/service) must belong to an Azure AD role that posses the microsoft.directory/applications/create permission such as the Cloud Application Administrator role. Follow the steps detailed in Assign a role but selecting a service principal instead of a user.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    0 comments No comments