I have an Azure subscription in which I have all the resources for my web application. I have created another Active Directory tenant, defined an AD Application in the tenant, and set it up as the authentication provider for my App Service. Now, I want to create a KeyVault resource in my subscription and give my AD Application access to the KeyVault.
The Azure KeyVault documentation says to run the following PS command:
Set-AzureRmKeyVaultAccessPolicy -VaultName <KVName> -ObjectId <ClientId> -PermissionsToKeys get
However, this returns the following error:
Cannot find the Active Directory object '<ClientId>' in tenant '<MyDefaultTenantId>'
The issue seems to be that my KV is not in the same AD tenant as my AD application, but the Set-AzureRmKeyVaultAccessPolicy command does not seem to have a TenantId argument.
Is there any way I can achieve what I want? Do I have to move my AD application to my default AD tenant?
No. A key vault will accept identities only from the tenant it is in.
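As an added example that is not part of the question or the answer above: the failing call passes the application's client ID as -ObjectId, and the lookup is done in whatever tenant the current session is signed in to. The script below checks the vault's tenant, the signed-in tenant, and whether a service principal for the application exists there before granting the policy, so the mismatch surfaces as a clear message rather than the "Cannot find the Active Directory object" error. $vaultName and $appId are placeholders to substitute; the property names on the context object are the ones in the AzureRM module and are an assumption about the module version in use.

```powershell
# Added example, not code from the original post.
# Assumes the AzureRM module and an existing Login-AzureRmAccount session.
$vaultName = "<KVName>"     # placeholder: your vault name
$appId     = "<ClientId>"   # placeholder: the AD application's Application (client) ID

# A key vault is bound to one tenant; read it from the vault itself.
$vault       = Get-AzureRmKeyVault -VaultName $vaultName
$vaultTenant = $vault.TenantId

# Directory lookups run against the tenant of the current session, so it must
# be the vault's tenant. (.Tenant.Id is the AzureRM 4+ shape; older versions
# expose .Tenant.TenantId.)
$ctx = Get-AzureRmContext
if ($ctx.Tenant.Id -ne $vaultTenant) {
    throw "Signed in to tenant $($ctx.Tenant.Id) but vault '$vaultName' is in tenant $vaultTenant. Run Login-AzureRmAccount -TenantId $vaultTenant first."
}

# The access policy needs the service principal's object ID, not the
# application's client ID. Resolve it by the application ID.
$sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $appId
if (-not $sp) {
    throw "No service principal for application $appId exists in tenant $vaultTenant, so the vault cannot grant it access."
}

# Grant only what the application needs (least privilege): 'get' on keys.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $sp.Id -PermissionsToKeys get

# Confirm the policy is present on the vault.
(Get-AzureRmKeyVault -VaultName $vaultName).AccessPolicies |
    Where-Object { $_.ObjectId -eq $sp.Id } |
    Select-Object ObjectId, PermissionsToKeys
```

If the tenant check throws, the vault and the application's service principal are in different tenants, which is exactly the situation the answer describes: no parameter on Set-AzureRmKeyVaultAccessPolicy bridges that gap, so the identity granted access has to be one that exists in the vault's own tenant.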