0
votes

I'm a Microsoft employee and I'm new to Azure. I would like to deploy a Service Principal on my internal Microsoft Azure subscription. Using the Azure CLI, when I run

az ad sp create-for-rbac --name $spn_name

I get the error "Insufficient privileges to complete the operation." The documentation here (https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) makes it seem like I don't have Azure Active Directory configured properly.

I don't have Azure Active Directory on my internal subscription. Do I need to add this? If so, how can I set this up on my Microsoft internal account? Is there a way to create a Service Principal without Azure Active Directory?

3 Answers

0
votes

A normal user without Admin roles will also be able to create a service principal, even with Azure CLI. If the scenario is that you are creating a service principal from an application, then you need application permissions. Please go through a similar question, which helps in fixing your issue.

0
votes

It does not require you to have administrator permissions.

If your account's User type is just a Member in the tenant, make sure that in the portal -> AAD -> User settings -> Users can register applications is Yes.


0
votes

It seems that the issue was that my SP name was not unique. Changing the name solved this problem for me.
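
The checks suggested in the answers above (user type, the "Users can register applications" setting, and a name that is already taken), gathered into one triage script. This is an added example, not part of any original post. The function names `triage` and `live_triage` and the result labels are hypothetical; it assumes a logged-in Azure CLI whose account is allowed to read the tenant authorization policy, where the portal setting is exposed through Microsoft Graph as `defaultUserRolePermissions.allowedToCreateApps`.

```shell
#!/bin/sh
# Added triage example (not from the original posts).
# Live checks need a logged-in Azure CLI ("az login").
GRAPH="https://graph.microsoft.com/v1.0"

# Pure decision logic, kept separate from the az calls so it runs offline.
#   $1  userType of the signed-in account ("Member" or "Guest")
#   $2  allowedToCreateApps from the authorization policy (true/false)
#   $3  number of existing service principals with the requested name
triage() {
    if [ "$3" -gt 0 ]; then
        echo "name-in-use"                 # third answer: pick another name
        return
    fi
    case "$2" in
        [Tt]rue) ;;                        # setting is "Yes" in the portal
        *) echo "app-registration-disabled"; return ;;
    esac
    if [ "$1" != "Member" ]; then
        echo "check-user-type"             # second answer assumes a Member
    else
        echo "no-cause-found"
    fi
}

# Collect the three inputs from the tenant and hand them to triage().
live_triage() {
    name="$1"
    user_type=$(az rest --method get \
        --url "$GRAPH/me?\$select=userType" --query userType -o tsv)
    allowed=$(az rest --method get \
        --url "$GRAPH/policies/authorizationPolicy" \
        --query defaultUserRolePermissions.allowedToCreateApps -o tsv)
    count=$(az ad sp list --display-name "$name" --query "length(@)" -o tsv)
    triage "$user_type" "$allowed" "${count:-0}"
}

# Usage: sh triage.sh --live <service-principal-name>
if [ "${1:-}" = "--live" ]; then
    live_triage "${2:?service principal name required}"
fi
```

A result of `app-registration-disabled` means the fix lies with a tenant administrator: either the setting is changed or the account is given a role that permits application registration.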