1

I have Contributor permissions on an Azure Subscription, but I'm unable to create a Service Principal.

I get hit with the error

```
ServicePrincipalsClient.BaseClient.Post(): unexpected status 403 with OData error: Authorization_RequestDenied: When using this permission, the backing application of the service principal being
│ created must in the local tenant
```

The documentation says that in order to complete the task of registering an app and subsequently creating a Service Principal, I would require the Application.ReadWrite.All permission. However, I can't seem to find this role anywhere, and I'm wondering if it might have been renamed, or if I'm just doing the wrong thing altogether.

Does anyone know what permissions are required to create a Service Principal?

Metro

1 Answer

2

A Service Principal is an Azure AD artifact. In order to create a Service Principal, you would need to ask your Azure AD administrator to grant you the Application.ReadWrite.All permission or a role like Application Administrator in Azure AD.


Please ask your Azure AD administrator to go to Azure Portal > Azure AD > Users > Assigned Roles > Add assignments and assign you an appropriate Azure AD role.

Gaurav Mantri
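An added diagnostic example, not part of the question or answer above: it decodes the claims of a Microsoft Graph access token and reports whether the token carries the Application.ReadWrite.All application permission or an Azure AD directory role such as Application Administrator, which is the distinction the answer draws against a subscription-level Contributor assignment. The function names, sample tokens and e-mail addresses are constructed for illustration; the role template IDs are the built-in Azure AD values.

```python
import base64
import json

# Built-in Azure AD role template IDs (identical in every tenant) whose
# holders can create app registrations and service principals.
APP_MANAGEMENT_ROLES = {
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3": "Application Administrator",
    "158c047a-c907-4556-b7ef-446551a6b5f7": "Cloud Application Administrator",
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
}
REQUIRED_APP_PERMISSION = "Application.ReadWrite.All"


def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def directory_grants(claims):
    """List what in the token allows creating a service principal, if anything."""
    grants = []
    # App-only tokens carry application permissions in the "roles" claim.
    if REQUIRED_APP_PERMISSION in claims.get("roles", []):
        grants.append("permission:" + REQUIRED_APP_PERMISSION)
    # User tokens carry Azure AD directory roles in "wids" as template IDs.
    # A subscription Contributor assignment is Azure RBAC and never appears here.
    for wid in claims.get("wids", []):
        if wid in APP_MANAGEMENT_ROLES:
            grants.append("role:" + APP_MANAGEMENT_ROLES[wid])
    return grants


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


# Constructed claims: subscription Contributor only vs. a directory role holder.
contributor_only = make_sample_token({"upn": "user@example.com", "scp": "User.Read", "wids": []})
app_admin = make_sample_token({"upn": "admin@example.com", "wids": ["9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3"]})

if __name__ == "__main__":
    for name, tok in [("contributor_only", contributor_only), ("app_admin", app_admin)]:
        print(name, directory_grants(decode_claims(tok)) or "no directory grant, expect 403")
```

An empty result is a prompt to check the identity's Azure AD role assignments and API permissions in the portal, since the `wids` claim can be absent from some tokens.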