Verifiable Credentials Service Admin Cannot Create Key

John Burke 0 Reputation points
2024-05-07T16:42:09.96+00:00

Trying to set up Verified ID. I assigned RBAC
Key Vault Contributor

  1. And then tried these three in increasing priv order:
    Key Vault Crypto User
  2. Key Vault Crypto Officer
  3. Key Vault Administrator

Waited 5 minutes and still getting the error below.

Caller is not authorized to perform action on resource. If role assignments, deny assignments or role definitions were changed recently, please observe propagation time. Caller: name=Verifiable Credentials Service Admin;appid={id};oid={id};iss=https://sts.windows.net/{id}/ Action: 'Microsoft.KeyVault/vaults/keys/create/action' Resource: '/subscriptions/{id}/resourcegroups/did-rg/providers/microsoft.keyvault/vaults/did-kv/keys/vcsigningkey-{id}' Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: {name;location={location}

Error code: errorCreatingDecentralizedIdentity

Searched and found: https://stackoverflow.com/questions/78045479/caller-is-not-authorized-to-perform-action-on-resource-even-though-i-have-owner

Solution was the Admin role. I tested as owner and couldn't create (correct), added admin and could :(

This question is related to the following Learning Module

Azure Training
Azure Training
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Training: Instruction to develop new skills.
1,032 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Mahesh Goud Juvvadi 680 Reputation points Microsoft Vendor
    2024-05-08T07:42:28.12+00:00

    Hi John Burke,

    Welcome to the Microsoft Q&A forum.

    Based on your question we understand that you are unable to create a Key Vault and Configure organization settings in Verified ID.

    Here are some steps you can take to troubleshoot and resolve the issue:

    1. Search for Verified ID
    2. Create a Key Vault and assign the role as "Key Vault Administrator"
    3. Click on register for the "Configure organization settings" we are able to register as you can see in the following screenshot:
      User's image

    User's image
    Additionally, please refer the mentioned link: Provide access to Key Vault keys

    Kindly follow the remaining steps as guided in the learn path to complete the exercise.

    If the information is helpful, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post. If you are still facing any issue, please let us know in the comments we will be glad to help you.  

    Thank you.