However when I run this script from Azure portal Cloud Shell, it works fine.
In Azure Cloud Shell, it uses the credential of the user account with which you logged in to Cloud Shell. If it works, it just means your user account has permission to create the AD App (App registration).
Do you have any idea about how to fix that?
When you create the Azure Resource Manager service connection to use the AzureCLI@2 (preview), the system will create an AD App for you automatically, check this link.
If you use this service connection with AzureCLI@2 (preview), it will use the credential of the service principal of the AD App in your tenant. For the concept of service principal and AD App, see this link.
To fix the issue, navigate to the Azure Active Directory in the portal -> App registrations -> All applications -> find the application corresponding to the service connection; its name should be like organizationname-projectname-513f22f1-befd-xxxxxxcfe90f1. Then click it -> add the permission like the screenshots (Note: your user account needs the admin role to click the Grant admin consent button, e.g. Global admin).
After granting the permission, wait for a while; the service principal of the service connection will then be able to create the AD App, and the Azure CLI task should work fine.
service connection you selected in AzureCLI@2 (preview) task dropdown has permissions to create App Registration. – Venky