Azure AD Verifiable Credential Unable to Access Keyvault with given credentials

Mehmet Bicak 16 Reputation points
2022-06-08T13:52:16.627+00:00

After configuring Verifiable Credentials using the tutorials https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant and https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer, I tried the sample Node and .NET applications to create our first sample VC.
https://github.com/Azure-Samples/active-directory-verifiable-credentials-node
https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet

I am able to run the application. After clicking the Get Credential button I see the QR code, but when the QR code is read by the Microsoft Authenticator app, I get the "Unable To Access KeyVault resource with given credentials" error (Error Code: 403).

As you can see from the configuration, I have no firewall access limit policy, so traffic from all public networks can access this resource.
Network policy
I have also added the key vault access policy needed. But I still have the same issue.
Azure portal -> Go to key vault settings -> Access policies -> Add access policies -> User -> Select account -> Add key permissions.

Everything seems OK, but I am still getting the "Unable to Access Keyvault with given credentials" exception. I have read all the documentation but could not find any solution yet.

Issuer QR Code

Access to Keyvault Error

Tags: Azure Key Vault, Microsoft Entra External ID

2 answers

  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2022-06-14T13:00:36.757+00:00

    Try adding the following Service Principals "bb2a64ee-5d29-4b07-a491-25806dc854d3" and "3db474b9-6a0c-4840-96ac-1fceb342124f" to the KeyVault access policies. Once you add the Service Principals mentioned above, under Key Permissions, select Get and Sign for both of them. That should get rid of that key vault error in the Authenticator app.


    4 people found this answer helpful.
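The following check is an added example, not code from this thread, from Microsoft, or from the Azure sample repositories. It verifies, from an exported Key Vault access-policy list, that both service principals named in the answer above hold the Get and Sign key permissions, and it prints the Azure CLI remediation for any that do not. It assumes the JSON has the shape returned by `az keyvault show --query properties.accessPolicies`, and the object IDs in `REQUIRED_PRINCIPALS` are constructed placeholders: the GUIDs in the answer are application IDs, while an access-policy entry carries the tenant-specific object ID, so resolve each one first (for example with `az ad sp show --id <appId> --query id -o tsv`).

```python
"""Check Key Vault access policies for the Verifiable Credentials service
principals (Get + Sign on keys) and emit Azure CLI remediation commands.
Added example; assumes the JSON shape of
`az keyvault show --query properties.accessPolicies`."""
import json

# Key permissions the answer says both principals need.
REQUIRED_KEY_PERMS = {"get", "sign"}

# Constructed placeholder object IDs. In a real tenant, resolve the object ID
# of each service principal from the application IDs given in the answer, e.g.
#   az ad sp show --id bb2a64ee-5d29-4b07-a491-25806dc854d3 --query id -o tsv
REQUIRED_PRINCIPALS = {
    "00000000-0000-0000-0000-0000000000a1": "SP for appId bb2a64ee-5d29-4b07-a491-25806dc854d3",
    "00000000-0000-0000-0000-0000000000a2": "SP for appId 3db474b9-6a0c-4840-96ac-1fceb342124f",
}

# Constructed sample export: the first principal is complete, the second lacks
# Sign (the state that produces the 403 described in the question), the third
# is an unrelated user entry.
SAMPLE_POLICIES_JSON = """
[
  {"objectId": "00000000-0000-0000-0000-0000000000a1",
   "permissions": {"keys": ["Get", "Sign"], "secrets": [], "certificates": []}},
  {"objectId": "00000000-0000-0000-0000-0000000000a2",
   "permissions": {"keys": ["Get"], "secrets": [], "certificates": []}},
  {"objectId": "11111111-1111-1111-1111-111111111111",
   "permissions": {"keys": ["Get", "Sign", "Create"], "secrets": ["Get"], "certificates": []}}
]
"""


def load_policies(text):
    """Parse the access-policy list as exported by the Azure CLI."""
    return json.loads(text)


def missing_key_permissions(policies, required=REQUIRED_PRINCIPALS):
    """Return {object_id: [missing key permissions]} for every required
    principal that lacks Get or Sign. A principal with no policy entry at all
    is reported as missing both. Permission names are compared case-insensitively
    because the CLI returns them capitalised ("Get", "Sign")."""
    granted = {}
    for entry in policies:
        perms = entry.get("permissions", {}).get("keys") or []
        granted[entry["objectId"].lower()] = {p.lower() for p in perms}
    report = {}
    for oid in required:
        missing = REQUIRED_KEY_PERMS - granted.get(oid.lower(), set())
        if missing:
            report[oid] = sorted(missing)
    return report


def remediation_commands(vault_name, report):
    """Azure CLI commands that grant Get and Sign to each principal in the
    report. set-policy replaces that principal's key-permission list, so both
    permissions are always passed together rather than only the missing one."""
    return [
        f"az keyvault set-policy --name {vault_name} --object-id {oid} --key-permissions get sign"
        for oid in report
    ]


if __name__ == "__main__":
    report = missing_key_permissions(load_policies(SAMPLE_POLICIES_JSON))
    if not report:
        print("Both Verifiable Credentials principals have Get and Sign.")
    for oid, missing in report.items():
        print(f"{oid} ({REQUIRED_PRINCIPALS[oid]}) is missing: {', '.join(missing)}")
    for cmd in remediation_commands("my-vc-vault", report):
        print(cmd)
```

Instead of resolving object IDs by hand, `az keyvault set-policy` also accepts the application ID directly through `--spn`, which is the quicker route when you already know the two GUIDs from the answer. This check only applies to vaults using the access-policy permission model, which is what the question's portal path configures; a vault switched to Azure RBAC has an empty access-policy list and needs role assignments instead.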

  2. Mehmet Bicak 16 Reputation points
    2022-06-17T10:25:58.45+00:00

    Thank you all,
    We have already tried adding the following Service Principals "bb2a64ee-5d29-4b07-a491-25806dc854d3" and "3db474b9-6a0c-4840-96ac-1fceb342124f" to the KeyVault access policies. But it did not work.
    I'm not sure what the real problem was, but after deleting all credentials and services we started from scratch, and now it works.

    1 person found this answer helpful.