5
votes

I'm using service principal as login item for azure cli. The role of this service principal is "owner".

I'm trying to run:

az ad app list

and

az ad app create --display-name "Test application 2"

and getting error:

Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.

What role should I assign to this service principal?


1 Answer

5
votes

Your service principal is missing permissions related to reading and writing applications in Azure AD.

  1. Go to your Azure AD, "Registered applications"
  2. Find your service principal (you may need to look at all applications instead of just mine)
  3. Add required permissions as shown below:

[screenshot]

[screenshot]

Once you've selected the right permissions, click on "Grant Permissions", because these permissions need admin consent.

[screenshot]
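The same fix done from Azure CLI, as an added example that is not part of the question or the answer above. The underlying point is that the "Owner" role is an Azure RBAC (subscription/resource) role and confers no Azure AD directory rights; the service principal needs a Microsoft Graph application permission on its own app registration, plus admin consent. The script assumes `az` is installed and logged in as a user who is allowed to grant admin consent; the permission names are real Graph app roles, the Graph application ID `00000003-0000-0000-c000-000000000000` is the well-known one, and the role GUIDs are looked up at run time rather than hard-coded. The function and variable names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not code from the original question or answer.
# Grants a service principal (by its application/client ID) a Microsoft Graph
# application permission for managing app registrations, then grants
# tenant-wide admin consent. Assumes `az login` was done as a user permitted
# to grant admin consent (for example an Application Administrator).
set -euo pipefail

# Well-known application ID of the Microsoft Graph service principal.
GRAPH_APP_ID="00000003-0000-0000-c000-000000000000"

# Classify a Graph application permission for least-privilege review:
#   "scoped"  : only app registrations this principal creates/owns (preferred)
#   "broad"   : every app registration in the tenant (needs justification)
#   "unknown" : not an application-management permission at all
classify_app_permission() {
  case "$1" in
    Application.ReadWrite.OwnedBy) echo scoped ;;
    Application.Read.All|Application.ReadWrite.All) echo broad ;;
    *) echo unknown ;;
  esac
}

# Build the value expected by `az ad app permission add --api-permissions`:
# "<appRole GUID>=Role" marks an application permission. "=Scope" would be a
# delegated permission, which does not apply to a service principal login.
permission_arg() {
  printf '%s=Role' "$1"
}

# Resolve a permission name (e.g. Application.ReadWrite.OwnedBy) to the GUID
# of the matching appRole on the Graph service principal, so no GUID is
# hard-coded in this script.
graph_app_role_id() {
  az ad sp show --id "$GRAPH_APP_ID" \
     --query "appRoles[?value=='$1'].id" -o tsv
}

# Add the permission to the app registration and grant admin consent.
grant_graph_app_permission() {
  local app_id="$1" perm="$2" role_id
  if [ "$(classify_app_permission "$perm")" = "unknown" ]; then
    echo "refusing: $perm is not an application-management permission" >&2
    return 1
  fi
  role_id="$(graph_app_role_id "$perm")"
  [ -n "$role_id" ] || { echo "no Graph appRole named $perm" >&2; return 1; }
  az ad app permission add --id "$app_id" --api "$GRAPH_APP_ID" \
     --api-permissions "$(permission_arg "$role_id")"
  # Application permissions always require admin consent; without this step
  # the service principal keeps getting "Insufficient privileges".
  az ad app permission admin-consent --id "$app_id"
}

# Usage: ./grant-app-perm.sh <service-principal-app-id> [permission]
# Defaults to the scoped permission; nothing runs when no arguments are given.
if [ $# -ge 1 ]; then
  grant_graph_app_permission "$1" "${2:-Application.ReadWrite.OwnedBy}"
fi
```

`Application.ReadWrite.OwnedBy` is enough for `az ad app create` and for listing the apps the principal owns; only grant `Application.ReadWrite.All` if the principal genuinely has to manage registrations it does not own. After consent, the principal's token carries the permission on its next `az login`, so log out and back in before retrying.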