Reputation: 1101
Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation
I am trying to setup Azure DevOps 'Release' Pipeline, when I am trying to add Azure Resource Manager service Connection, I am getting error like 'Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation. For troubleshooting refer to link. '
My Organization assigned me an Azure Professional Subscription account. When I click the Active Directory, I am getting error like 'Access denied. You do not have access. Looks like you don't have access to this content. To get access, please contact the owner.'
What sort of user role, the organization needs to assign to me so that I can setup the Azure DevOps Release Pipeline.
- The company can't give me the role as global administrator or user account administrator to ADFS, because of security reason. What is the appropriate ADFS user role permission my company should assign to me ?
Upvotes: 31
Views: 54467
Answers (4)
Reputation: 561
You need to have the Application Administrator role in the AD in order to create the service connections. After, enabling the Application Administrator role from the Azure Active Directory roles, I was able to create the service connection properly.
We are trying to create a service connection named, xyz-serviceconn-verify. Without any error message, now I could create service connections.
Here, you could see the created service connection, xyz-serviceconn-verify.
Good Luck :)
Upvotes: 9
Reputation: 21
It worked for me when I tried to create my own new AD, and then I move the subscriptions I got from the company to this AD (it is just for dev and test). If you want it to work on production, maybe you should ask the administrator to create a new app registration for you and he should grant all permission to you inside this app (I guess). Best regards, Tai.
Upvotes: 1
Reputation: 51
See the link, last error https://learn.microsoft.com/en-us/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops&viewFallbackFrom=vsts
This error is coming because you do not have sufficient privileges in your AAD, you do not have Write permission for the selected Azure subscription when the system attempts to assign the Contributor role.
Upvotes: 2
Reputation: 7728
There's no way to do this without being a Global Admin or Owner on the Azure Active Directory tenant. You need to request access from your organization or else make your own account with your own subscription and publish the application there.
Upvotes: 16
Related Questions
- Azure AD app Need admin approval error: App needs permission to access resources in your organization that only an admin can grant
- What privilege's do need to create Azure Active Directory App?
- failed to create an app in azure active directory - insufficient privileges
- I created new Azure App but it keep showing error message Need admin approval
- az ad app permission add - Insufficient privileges to complete the operation
- Insufficient privileges to complete the operation - PowerShell Creating Azure Ad Apps fails
- Azure DevOps, unable to create pipeline due to insufficient AD permission
- Azure CLI for app registration creation from Azure DevOps - Insufficient privileges
- Azure App registration: "Delegated permission" is disabled
- Azure AD: Failed to grant permission for application