Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation

I am trying to setup Azure DevOps 'Release' Pipeline, when I am trying to add Azure Resource Manager service Connection, I am getting error like 'Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation. For troubleshooting refer to link. '

enter image description here

My Organization assigned me an Azure Professional Subscription account. When I click the Active Directory, I am getting error like 'Access denied. You do not have access. Looks like you don't have access to this content. To get access, please contact the owner.'

What sort of user role, the organization needs to assign to me so that I can setup the Azure DevOps Release Pipeline.

enter image description here

  • The company can't give me the role as global administrator or user account administrator to ADFS, because of security reason. What is the appropriate ADFS user role permission my company should assign to me ?
like image 728
Sivalingaamorthy Avatar asked Sep 17 '18 11:09

Sivalingaamorthy


3 Answers

It worked for me when I tried to create my own new AD, and then I move the subscriptions I got from the company to this AD (it is just for dev and test). If you want it to work on production, maybe you should ask the administrator to create a new app registration for you and he should grant all permission to you inside this app (I guess). Best regards, Tai.

like image 105
Tai T Huynh Avatar answered Sep 21 '22 19:09

Tai T Huynh


There's no way to do this without being a Global Admin or Owner on the Azure Active Directory tenant. You need to request access from your organization or else make your own account with your own subscription and publish the application there.

like image 15
Marilee Turscak - MSFT Avatar answered Nov 09 '22 00:11

Marilee Turscak - MSFT


You need to have the Application Administrator role in the AD in order to create the service connections. After, enabling the Application Administrator role from the Azure Active Directory roles, I was able to create the service connection properly.

Here, I have the eligible permission enabled.

We are trying to create a service connection named, xyz-serviceconn-verify. Without any error message, now I could create service connections.

Without any error message, now I could create service connections.

Here, you could see the created service connection, xyz-serviceconn-verify. Here, you could see the created service connection.

Good Luck :)

like image 4
Aswin P.M Avatar answered Nov 09 '22 00:11

Aswin P.M