Hi @Studer Christian • Thank you for reaching out.
As specified in the Azure AD built-in roles document, below are the Directory Roles that have permissions to create service principals.
- Application Administrator
- Application Developer
- Cloud Application Administrator
- Directory Synchronization Accounts
- Hybrid Identity Administrator
In order to get access to any of these roles, you need to ask the Global Administrator of your tenant to assign one of the above roles to the current account. I would suggest you choose to go with the Cloud Application Administrator role as it is the least privileged role out of all five roles and includes permissions to create service principals as well. For this purpose, you need to navigate to:
Azure portal > Azure Active Directory > Roles and Administrators > Cloud Application Administrator > Assignments > Add Assignments > Add required user.
If the global administrator of your tenant has configured PIM and made you eligible for one of these roles, you can activate the role by yourself as well. The instructions are documented here: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-activate-role
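As an added example (not part of the original answer), a tenant administrator can review who currently holds a role that is able to create service principals before granting another assignment. The script assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account can consent to the read-only scopes shown, and that the two directory action names in `$createActions` are the ones that grant service principal creation.

```powershell
# Added example: audit role assignments that allow creating service principals.
# Read-only; requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

# Assumption: these directory actions are what permit service principal creation.
$createActions = @(
    'microsoft.directory/servicePrincipals/create',
    'microsoft.directory/servicePrincipals/createAsOwner'
)

# Select every role definition in the tenant that carries one of those actions.
$roles = Get-MgRoleManagementDirectoryRoleDefinition -All | Where-Object {
    $allowed = $_.RolePermissions.AllowedResourceActions
    [bool]($createActions | Where-Object { $allowed -contains $_ })
}

# Resolve the active assignments of each matching role to a readable report.
$report = foreach ($role in $roles) {
    $assignments = Get-MgRoleManagementDirectoryRoleAssignment -All `
        -Filter "roleDefinitionId eq '$($role.Id)'"

    foreach ($assignment in $assignments) {
        $principal = Get-MgDirectoryObject -DirectoryObjectId $assignment.PrincipalId

        [pscustomobject]@{
            Role          = $role.DisplayName
            Principal     = $principal.AdditionalProperties['displayName']
            PrincipalType = $principal.AdditionalProperties['@odata.type']
            Scope         = $assignment.DirectoryScopeId   # '/' means tenant-wide
        }
    }
}

$report | Sort-Object Role, Principal | Format-Table -AutoSize
```

Eligible PIM assignments that have not been activated are stored separately from active role assignments and do not appear in this report.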