Can't manage Active Directory roles even though I am a subscription owner

Everton Silva 1 Reputation point
2022-03-14T12:24:45.173+00:00

I am trying to create a new enterprise application in Active Directory, but I can't. I am able to select the application, but the Create button is always disabled. I believe this is because I have a User role inside the Active Directory. But I am an owner of the subscription, so I should be able to edit my role in Active Directory so I can create the app.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Rahul Therayil 86 Reputation points
    2022-03-14T13:21:03.84+00:00

    Hi @Everton Silva

    There are 2 distinct role-based access control systems in Azure (Azure RBAC & Azure AD RBAC). Azure RBAC is what is being used to grant you the Owner permission in a subscription.

    Please check the value of the following setting in the Azure portal:

    Navigate to Azure Active Directory > In the left pane, select Users > User settings > App registrations

    If set to Yes: users can register applications.

    If set to No: although your account is assigned the User role, the app registration setting is limited to admin users. Please ask your Azure AD administrator to assign you one of the Azure AD administrator roles that can create and manage all aspects of app registrations.

    In short: your account needs to be part of one of the Azure AD roles to register applications. Different Azure AD roles are available and you can pick the one closest to your requirement. AAD roles are outlined here

    For more reference : https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#check-azure-ad-permissions

    Best regards,
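
The check described in the answer above, as an added example that is not part of the original thread: it evaluates whether an account can register applications from the tenant setting and the account's directory roles, and shows that a subscription-level Owner assignment plays no part. It assumes the setting is read from Microsoft Graph's `authorizationPolicy` resource (`defaultUserRolePermissions.allowedToCreateApps`); the policy and assignment data are constructed samples, and the function name is hypothetical.

```python
import json

# Entra ID (Azure AD) built-in roles that can create app registrations
# regardless of the "Users can register applications" setting.
APP_CREATOR_DIRECTORY_ROLES = {
    "Global Administrator",
    "Application Administrator",
    "Cloud Application Administrator",
    "Application Developer",
}

# Constructed sample: trimmed shape of GET /policies/authorizationPolicy
# (Microsoft Graph v1.0) for a tenant where the setting is "No".
SAMPLE_POLICY = json.loads("""
{"id": "authorizationPolicy",
 "defaultUserRolePermissions": {"allowedToCreateApps": false}}
""")

# Constructed sample matching the question: Owner on a subscription,
# plain User in the directory (no directory role assigned).
SAMPLE_AZURE_RBAC = [{"role": "Owner", "scope": "/subscriptions/<subscription-id>"}]
SAMPLE_DIRECTORY_ROLES = []


def can_register_apps(policy, directory_roles, azure_rbac_assignments):
    """Return (allowed, reason). Hypothetical helper for illustration.

    Azure RBAC assignments are accepted only so the result can state that
    they were ignored: they authorize resource management, not directory
    operations such as creating applications.
    """
    granting = sorted(APP_CREATOR_DIRECTORY_ROLES.intersection(directory_roles))
    if granting:
        return True, "directory role: " + ", ".join(granting)
    perms = policy.get("defaultUserRolePermissions", {})
    # A missing value is treated as "No" so an incomplete response fails closed.
    if perms.get("allowedToCreateApps") is True:
        return True, "tenant setting 'Users can register applications' is Yes"
    ignored = sorted({a["role"] for a in azure_rbac_assignments})
    note = ""
    if ignored:
        note = " (Azure RBAC " + ", ".join(ignored) + " applies to resources, not the directory)"
    return False, "setting is No and no app-management directory role" + note


if __name__ == "__main__":
    print(can_register_apps(SAMPLE_POLICY, SAMPLE_DIRECTORY_ROLES, SAMPLE_AZURE_RBAC))
```
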