Service principal privileges for app registration creation

Question

I'm using service principal as login item for azure cli. The role of this service principal is "owner".

I'm trying to run:

az ad app list

and

 az ad app create --display-name "Test application 2"

and getting error:

Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.

What role should I assign to this service principal?

Rohit Saigal · Accepted Answer · 2018-10-26T19:19:53.000

5

Your service principal is missing permissions related to reading and writing applications in Azure AD.

Go to your Azure AD, "Registered applications"
Find your service principal (may need to look at all applications instead of just my)
Add required permissions as shown below:

Once you've selected the right permissions and done. Please click on "Grant Permissions" because these permissions need Admin consent.

edited Oct 26 '18 at 19:19

answered Oct 26 '18 at 18:42

Rohit Saigal

9,317
2
20
32

1

@Dzior you're welcome. Glad to know it worked out :) – Rohit Saigal Nov 01 '18 at 01:20

Service principal privileges for app registration creation

1 Answers1

Linked