Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation

10
votes

I am trying to setup Azure DevOps 'Release' Pipeline, when I am trying to add Azure Resource Manager service Connection, I am getting error like 'Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation. For troubleshooting refer to link. '

enter image description here

My Organization assigned me an Azure Professional Subscription account. When I click the Active Directory, I am getting error like 'Access denied. You do not have access. Looks like you don't have access to this content. To get access, please contact the owner.'

What sort of user role, the organization needs to assign to me so that I can setup the Azure DevOps Release Pipeline.

enter image description here

  • The company can't give me the role as global administrator or user account administrator to ADFS, because of security reason. What is the appropriate ADFS user role permission my company should assign to me ?
3
azureazure-devopsazure-active-directory
You don't need a role in ADFS. You need a role in Azure AD. Creating apps can be allowed for regular users, or you can be made into a restricted admin role. I cannot recall off the top of my head which one's allow what Azure DevOps needs.juunas
@junnas,I believe if he needs to have Owner access to the Subscription in which he is trying to setup Azure DevOps 'Release' Pipeline.tom
You can refer the document docs.microsoft.com/en-us/azure/devops/pipelines/release/… for detail troubleshooting stepsMarina Liu
Yes I am trying to setup DevOps 'Release' Pipeline. I looked into the link, but it says 'account should be an owner, global administrator, or user account administrator', my organization is not ready to provide the such permission for security reasons, how to over come this ?Sivalingaamorthy
Finally I came to know, with Azure 'Free Trial' it is not possible, I need to have Professional or Enterprise subscription. Thanks for your inputs.Sivalingaamorthy

3 Answers

10
votes

There's no way to do this without being a Global Admin or Owner on the Azure Active Directory tenant. You need to request access from your organization or else make your own account with your own subscription and publish the application there.

1
votes

See the link, last error https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops&viewFallbackFrom=vsts

This error is coming because you do not have sufficient privileges in your AAD, you do not have Write permission for the selected Azure subscription when the system attempts to assign the Contributor role.

0
votes

It worked for me when I tried to create my own new AD, and then I move the subscriptions I got from the company to this AD (it is just for dev and test). If you want it to work on production, maybe you should ask the administrator to create a new app registration for you and he should grant all permission to you inside this app (I guess). Best regards, Tai.