Reputation: 119
Create service principal from azure cli
I am trying to create a service principal from azure cli.
az login --service-principal -u servicePrincipalGuid -p spPassword --tenant tenantGuid
az ad sp create-for-rbac --skip-assignment
It works if i assign to the service principal Global administrator but it does not work with the Application Administration which according to the documentations should be sufficient.
I am wondering what roles/permissions are needed to be able to create a service principal without global administrator?
Upvotes: 0
Views: 2038
Answers (1)
Reputation: 42043
I can reproduce your issue, it is really weird, based on my knowledge, the Application administrator role should work.
The command az ad sp create-for-rbac --skip-assignment creates the app registration successfully, but it can't create the corresponding service principal. Even if I test with the command below to create service principal for the app.
az ad sp create --id '<object-id of the app registration>'
or powershell
New-AzureADServicePrincipal -AppId <object-id of the app registration>
I am wondering what roles/permissions are needed to be able to create a service principal without global administrator?
If you just want to let the command work without the global admin, you could add Application.ReadWrite.All permission of Azure Active Directory Graph like below, then it will work.
Upvotes: 2
Related Questions
- How do I retrieve the service principal password after creation using the azure cli?
- azure permission to create "service principal"
- Enumerating Azure service principal using cli
- Automating the creation of service principal in Azure in a customer account
- shell script to create azure service principal using certificate
- Create Azure Service Principal for Service App using the CLI
- Azure AD - create a new Service Principal programmatically
- creating service principal in azure with certificate
- Service principal credentials, set custom identifier?
- AzureAD powershell New Service Principal