Azure service principal creation through Graph API

0
votes

I am able to register application by following information provided in Creating Azure AD application and a service principal using .NET Core (the API and HTTP), but when I tried the following endpoint using Postman, I got an Insufficient Privileges error.

As I am able to create an app with the API, I don't believe it is a permission issue.

POST https://graph.windows.net/{{tenant_id}}/servicePrincipals?api-version=1.6

body like this:

{
  "appId":"eb167a6d-aaaa-aaaa-aaaa-46e981be37fa"
}

and getting this error

{
    "odata.error": {
        "code": "Authorization_RequestDenied",
        "message": {
            "lang": "en",
            "value": "Insufficient privileges to complete the operation."
        }
    }
}
1
azure-active-directoryazure-ad-graph-api
Can you please share the details of how you obtained the access token you used to make the API request? - Philippe Signoret

1 Answers

0
votes

Please note that there are two kinds of permissions. Delegated permissions and Application permissions. You can see the difference here.

enter image description here

It depends on the way you used to get the access token. If you get the token without a signed-in user, you need to use application permissions and grant admin consent.