Why doesn't an Application Owner have permission to land on the Single sign-on page?

Akshay K V 1 Reputation point
2020-04-07T17:16:34.683+00:00

I'm an Owner of the application registered in Azure AD. I get a "No Access" error when I try to configure SSO.

What I also find strange is that when I try to open the Single sign-on page, it hits the URL below and I get the following response.

Why does Azure have to check my permissions for Application Proxy when I'm trying to open the SSO page?

URL: https://main.iam.ad.ext.azure.com/api/ApplicationProxy/Applications/318ca569-e1fe-400d-bfa5-c7dd43a00d11
Response: {"ClassName":"Microsoft.Portal.Framework.Exceptions.ClientException","Message":"Graph call failed with httpCode=Forbidden, errorCode=NotAdminRoleNoEnoughCustomPermission_UnauthorizedAccess, errorMessage=Unauthorized Access., reason=Forbidden, correlationId = e125bfa1-5615-4617-9ea2-9f45fba5300e.","Data":{},"HResult":-2146233088,"XMsServerRequestId":null,"Source":null,"HttpStatusCode":403,"ClientData":{"errorCode":"Forbidden","localizedErrorDetails":null,"operationResults":null,"timeStampUtc":"2020-04-07T17:09:53.686276Z","clientRequestId":"e125bfa1-5615-4617-9ea2-9f45fba5300e","internalTransactionId":"6bc02fe1-15c7-499d-b45c-36b4d6e84f46","tenantId":"5d471751-9675-428d-917b-70f44f9630b0","userObjectId":"ac5f9f20-b9f4-4ea9-8439-5e96798793aa","exceptionType":"MsGraphException"}}


1 answer

  1. Anuj Rana 206 Reputation points
    2020-04-07T20:32:29.267+00:00

    If I understood this correctly, when you log in to portal.azure.com, you are no longer able to access the Azure AD blade which contains Applications. If this is correct, then it means that your Global admin has restricted access to Azure AD to admin users only. Owners of the app don't qualify for the required privileges. You will need the application admin role to manage your app in the portal. Alternatively, you can try to manage applications (up to an extent) using PowerShell.
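
An added example, not part of the original thread and not Microsoft tooling: a small Python parser that reduces the portal error body quoted in the question to the fields needed to classify the failure and report it to a tenant administrator or support. The function names and the shortened `SAMPLE` body are constructed here; the field names and values are taken from the response in the question.

```python
import json
import re

# Constructed sample: the response body from the question, shortened to the fields used below.
SAMPLE = r'''{"ClassName":"Microsoft.Portal.Framework.Exceptions.ClientException","Message":"Graph call failed with httpCode=Forbidden, errorCode=NotAdminRoleNoEnoughCustomPermission_UnauthorizedAccess, errorMessage=Unauthorized Access., reason=Forbidden, correlationId = e125bfa1-5615-4617-9ea2-9f45fba5300e.","HttpStatusCode":403,"ClientData":{"errorCode":"Forbidden","timeStampUtc":"2020-04-07T17:09:53.686276Z","clientRequestId":"e125bfa1-5615-4617-9ea2-9f45fba5300e","tenantId":"5d471751-9675-428d-917b-70f44f9630b0","userObjectId":"ac5f9f20-b9f4-4ea9-8439-5e96798793aa","exceptionType":"MsGraphException"}}'''

# Matches "key=value" or "key = value" pairs separated by ", " inside Message.
_KV = re.compile(r"(\w+)\s*=\s*(.*?)(?=,\s*\w+\s*=|$)")


def parse_message(message):
    """Split the 'key=value, key = value.' tail of the Message string into a dict."""
    return {m.group(1): m.group(2).strip().rstrip(".") for m in _KV.finditer(message)}


def triage(body):
    """Reduce a portal error body to the fields needed to classify and report it."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("response body is not JSON") from exc
    msg = parse_message(doc.get("Message") or "")
    client = doc.get("ClientData") or {}
    status = doc.get("HttpStatusCode")
    return {
        "http_status": status,
        # True when the portal says the exception came from its Graph call.
        "from_graph": client.get("exceptionType") == "MsGraphException",
        "authorization_failure": status == 403 or msg.get("httpCode") == "Forbidden",
        "graph_error_code": msg.get("errorCode"),
        "correlation_id": msg.get("correlationId") or client.get("clientRequestId"),
        # The ID inside Message and the one in ClientData should be the same request.
        "ids_agree": msg.get("correlationId") == client.get("clientRequestId"),
        "tenant_id": client.get("tenantId"),
        "user_object_id": client.get("userObjectId"),
        "timestamp_utc": client.get("timeStampUtc"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The correlation ID, timestamp, tenant ID and user object ID are the values to hand to whoever investigates the 403.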