Trying to perform an az cli login using a Service Principal and it is throwing an error stating No subscriptions found for <Service_Principal_AppId>. If this is expected, use '--allow-no-subscriptions'. This code has worked fine previously but now it does not appear to work any longer. Command line being used is below:
$sp_appid = (Get-AzureRmADServicePrincipal -DisplayName $spDisplayName).ApplicationId.Guid
$sp_secret = (Get-AzureKeyVaultSecret -VaultName $kvName -Name $appKeySecretName).SecretValueText
az login --service-principal --username $sp_appid --password $sp_secret --tenant $tenant_Id
I verified that the Service Principal is assigned the Contributor role at the subscription level.
To fix this issue: Make sure that the correct Azure directory is selected by selecting your account at the top right. If the right Azure directory is selected but you still receive the error message, assign the Owner role to your account.
I can sign in, but I see the error, No subscriptions found. This problem occurs if you selected the wrong directory, or if your account doesn't have sufficient permissions. To fix this issue: Verify that the correct Azure directory is selected by selecting your account at the top-right corner.
You must now specify the subscription to work in by using the --subscription or --scope parameter in your command. To see the subscription you're currently using or to get a list of available subscriptions, run the az account show or az account list command.
After creating a service principal in the Azure Active Directory you need to give this new user some roles within a subscription: Access Control (IAM), roles assignment (for instance make your service principal contributor). Then az login should work.
Actually, I don't recommend mixing Azure PowerShell and the CLI together. If you insist on doing it: I have tried your script and could not reproduce your issue; it works fine.
According to the error, you could try to pass a --subscription; it also works.
$sp_appid = (Get-AzADServicePrincipal -DisplayName joywebapp2).ApplicationId.Guid
$sp_secret = (Get-AzKeyVaultSecret -VaultName joykeyvault1 -Name joywebapp2).SecretValueText
$tenant_Id = "xxxxxxxxxxxx"
$subscription_Id = "xxxxxxxxxxx"
az login --service-principal --username $sp_appid --password $sp_secret --tenant $tenant_Id --subscription $subscription_Id
Note: Because the AzureRM PowerShell module has been deprecated, I use the new Az PowerShell module. If you want to upgrade to Az, see this link. (It may not be the reason for the issue, but I recommend you upgrade.)
Update:
We have to use AZ CLI simply for the property we are trying to grab...there is no PowerShell equivalent.
Actually, you can log in with a service principal via PowerShell; the strong password is the secret. For more details, see this post.
$azureAplicationId ="Azure AD Application Id"
$azureTenantId= "Your Tenant Id"
$azurePassword = ConvertTo-SecureString "strong password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Add-AzureRmAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
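The checks suggested in the answers above (sign in, then confirm which subscriptions the service principal can actually see) combined into one script, as an added example that is not part of the original thread. The function name Test-SpSubscriptionAccess, the SP_SECRET environment variable and the placeholder IDs are assumptions.

```powershell
# Added diagnostic example. All IDs below are placeholders to fill in.
$tenant_Id       = "<tenant-id>"
$subscription_Id = "<subscription-id>"
$sp_appid        = "<service-principal-app-id>"
# Assumed variable name: read the secret from the environment instead of hard-coding it.
$sp_secret       = $env:SP_SECRET

function Test-SpSubscriptionAccess {
    param(
        [string]$AppId,
        [string]$Secret,
        [string]$TenantId,
        [string]$SubscriptionId
    )

    # Sign in without requiring a subscription, so that a credential or
    # tenant problem can be told apart from a missing role assignment.
    az login --service-principal --username $AppId --password $Secret `
        --tenant $TenantId --allow-no-subscriptions --output none
    if ($LASTEXITCODE -ne 0) {
        return "LoginFailed"            # wrong app id, secret or tenant
    }

    # Everything this identity can see after signing in to that tenant.
    $accounts = az account list --output json | ConvertFrom-Json
    $match = $accounts | Where-Object { $_.id -eq $SubscriptionId }

    if (-not $match) {
        # Login worked but the subscription is not visible: the role
        # assignment is missing, or was made in a different directory.
        return "SubscriptionNotVisible"
    }
    if ($match.tenantId -ne $TenantId) {
        return "SubscriptionInOtherTenant"
    }

    # Pin the subscription explicitly so later commands do not depend on a default.
    az account set --subscription $SubscriptionId
    if ($LASTEXITCODE -ne 0) {
        return "SetSubscriptionFailed"
    }
    return "Ok"
}

$result = Test-SpSubscriptionAccess -AppId $sp_appid -Secret $sp_secret `
    -TenantId $tenant_Id -SubscriptionId $subscription_Id
Write-Output "Service principal check: $result"
```

A result of SubscriptionNotVisible points at the role assignment under Access Control (IAM) rather than at the credentials.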