Could not grant admin consent. Your organization does not have a subscription (or service principal) for the following API(s): Azure Rights Management Services

Matt Ray 11 Reputation points
2020-08-12T20:57:31.73+00:00

I'm getting this error when I try to add ARMS to my API Permissions for an App I am creating. I'm just adding User Impersonation.

I'm using a trial account (with a credit card) to see if I can get Azure Active Directory to work with my Privileged Identity Server and sync the two directories. Does anybody know why I am running into this limitation? Is it simply because I'm using the "free" version? I am logged in as the Global Administrator. Why show me an API Permission to add if I can't add it? It would be better to not even show it to me as an option. I am being told that I need to have ARMS in order for this to work properly.

Thanks in advance. This is the only thing holding me up. If I need to get a pay-as-you-go account I will.

Matt Ray
BeyondTrust

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,254 questions
0 comments No comments
{count} vote

4 answers

Sort by: Most helpful
  1. Matt Ray 11 Reputation points
    2020-08-12T22:32:45.257+00:00

    I have now upgraded to the Pay-As-You-Go version and I'm still getting the same error. So I'm assuming it doesn't have anything to do with licensing.

    1 person found this answer helpful.
    0 comments No comments

  2. Marilee Turscak-MSFT 37,141 Reputation points Microsoft Employee
    2020-08-12T23:56:02.587+00:00

    It's possible that you're trying to access certain objects from an account that is unable to gain access to them. https://learn.microsoft.com/en-ca/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

    Sign in using an account that:

    1. Has an Owner role assignment for the subscription. For information about how to assign the Owner role, see RBAC role assignments.
    2. Exists in both the current directory that's associated with the subscription and in the new directory that's where you want to associate the subscription going forward.
    0 comments No comments

  3. Matt Ray 11 Reputation points
    2020-08-13T03:50:34.773+00:00

    Sorry, new to Azure. Is a Global Administrator not an Owner? It's a brand new account. All I've done so far is create an instance of Active Directory. That's it. Then I added an app and attempted to add permissions to that app.

    0 comments No comments

  4. James Hamil 26,986 Reputation points Microsoft Employee
    2020-08-31T19:10:02.857+00:00

    Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.