Error while creating service principal using PowerShell

Mohapatra, Swetapadma 21 Reputation points
2022-06-15T05:28:38.137+00:00

Hi Everyone,

I am following the steps provided in the URL below to post a query JSON to the Core SQL API resource "https://test-acct1.documents.azure.com:443".
https://jd-bots.com/2020/06/18/call-azure-rest-api-using-postman/.
While following the steps to create a service principal in PowerShell, the error received is:
~$ az ad sp create-for-rbac -n "SvcPrincipal1"
This command or command group has been migrated to Microsoft Graph API. Please carefully review all breaking changes introduced during this migration: https://learn.microsoft.com/cli/azure/microsoft-graph-migration
A Cloud Shell credential problem occurred. hostname 'cc-d426acb4-84468cbf57-q94r5'.
Kindly advise on how to get the bearer token, as my Azure Active Directory is showing a 403 error and the above error is shown while creating the service principal.

Thanks and Regards
Swetapadma

Azure Active Directory

Accepted answer
  1. JamesTran-MSFT 26,616 Reputation points Microsoft Employee
    2022-06-15T23:16:38.71+00:00

    @Mohapatra, Swetapadma
    Thank you for your detailed post!

    Error Message:
    az ad sp create-for-rbac -n "SvcPrincipal1": This command or command group has been migrated to Microsoft Graph API. Please carefully review all breaking changes introduced during this migration: https://learn.microsoft.com/cli/azure/microsoft-graph-migration A Cloud Shell credential problem occurred. hostname 'cc-d426acb4-84468cbf57-q94r5'.

    From your error and depending on how long you've had your Cloud Shell session open, you might have to restart Cloud Shell/ refresh your page to resolve the credential issue. If you're still having issues, you'll have to make sure your user has sufficient permissions to register an application within your Azure AD tenant and assign the application a role in your Azure subscription.

    For Azure AD permissions, if you have the User role, you'll have to make sure that non-administrators can register applications. When it comes to Azure subscription permissions, you'll need Microsoft.Authorization/*/Write access to assign a role to an Azure AD app. This action is granted through the Owner role or User Access Administrator role. For more info.

    After making sure your Cloud Shell session is current and that your user has the correct permissions, you should be able to run az ad sp create-for-rbac -n "SvcPrincipal1".

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.
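
Why the subscription-side requirement in the accepted answer comes down to Owner or User Access Administrator, shown as an added example that is not part of the thread. The role definitions are a constructed sample trimmed from the built-in roles, in the shape `az role definition list` is assumed to return, and the function names are hypothetical.

```python
import re

# Action the role-assignment step of `az ad sp create-for-rbac` needs.
REQUIRED = "Microsoft.Authorization/roleAssignments/write"

# Constructed sample: built-in roles trimmed to the fields used here, in the
# shape `az role definition list` is assumed to return.
ROLE_DEFS = [
    {"roleName": "Owner",
     "permissions": [{"actions": ["*"], "notActions": []}]},
    {"roleName": "User Access Administrator",
     "permissions": [{"actions": ["*/read", "Microsoft.Authorization/*",
                                  "Microsoft.Support/*"], "notActions": []}]},
    {"roleName": "Contributor",
     "permissions": [{"actions": ["*"],
                      "notActions": ["Microsoft.Authorization/*/Delete",
                                     "Microsoft.Authorization/*/Write",
                                     "Microsoft.Authorization/elevateAccess/Action"]}]},
    {"roleName": "Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
]

def matches(pattern, action):
    """Azure RBAC patterns use '*' as the only wildcard and ignore case."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_allows(role_def, action=REQUIRED):
    """True if a permission block grants the action and does not exclude it."""
    for perm in role_def.get("permissions", []):
        granted = any(matches(p, action) for p in perm.get("actions", []))
        excluded = any(matches(p, action) for p in perm.get("notActions", []))
        if granted and not excluded:
            return True
    return False

def roles_able_to_assign(assigned_role_names, role_defs=ROLE_DEFS):
    """Return the subset of a user's role names that permit role assignment."""
    by_name = {d["roleName"].lower(): d for d in role_defs}
    return [n for n in assigned_role_names
            if n.lower() in by_name and role_allows(by_name[n.lower()])]

if __name__ == "__main__":
    for d in ROLE_DEFS:
        verdict = "can" if role_allows(d) else "cannot"
        print(f"{d['roleName']:28} {verdict} assign roles")
```

Contributor fails the check even though its actions are `*`, because its notActions entry `Microsoft.Authorization/*/Write` subtracts the role-assignment write.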



2 additional answers

  1. Limitless Technology 37,351 Reputation points
    2022-06-15T15:25:34.247+00:00

    Hello,

    Thank you for your question and reaching out. I can understand you are having issues related to Azure CLI SPN.

    az ad manages Azure Active Directory Graph entities needed for Role Based Access Control. It is still using the AD Graph API, not the new Microsoft Graph API.

    You could call the Microsoft Graph API with az rest in Azure CLI.

    Since Microsoft Graph Service Principal API is GA, we recommend using az rest instead of az ad for the time being until we fully migrate az ad to Microsoft Graph.

    Reference:

    https://techcommunity.microsoft.com/t5/azure-tools-blog/azure-ad-to-microsoft-graph-migration-for-azure-command-line/ba-p/2836666


  2. Mohapatra, Swetapadma 21 Reputation points
    2022-06-17T04:22:03.84+00:00

    Thanks a lot for your clear explanation of this issue.
    As per your recommendation, I verified User settings, and it is not accessible due to a permission issue.
    Below is the screenshot.
    Kindly let me know who the right person is to grant me access.
