Azuread_application as Service Principal

emacdona · May 27, 2020, 9:25pm

I’m trying to use “azuread_application” to create a service principal, and the user I’m authenticating as is another service principal. The documentation here: https://www.terraform.io/docs/providers/azuread/d/application.html

Indicates: " NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all (or owned by) applications and Sign in and read user profile within the Windows Azure Active Directory API."

I cannot find the “Sign in and read user profile” permission. Is this documentation out of date?

thanks,
Ed

mattduguid · September 14, 2020, 2:37am

was looking at same thing today, we’ve added the legacy “Azure Active Directory Graph” permissions and more current “Microsoft Graph” ones below, believe the “Sign in and read user profile” one you mention relates to “Directory.Read.All”

Microsoft Graph
	Application.Read.All
	Application.ReadWrite.All
	Application.ReadWrite.OwnedBy
	User.Read
	
Azure Active Directory Graph 
	Application.ReadWrite.All
	Application.ReadWrite.OwnedBy
	Directory.Read.All

Topic		Replies	Views
Azuread_service_principal permissions Directory.ReadWrite.All Azure azure	2	1180	January 25, 2022
Required Service Principal Permissions to Read AD Users and Group details Azure azure	2	686	January 19, 2022
Service principle permissions for azuread Terraform Providers	1	708	November 20, 2019
Service Principal to access AD Azure	0	342	June 16, 2021
Insufficient Privileges when trying to create AzureAD Group (azuread 2.0.1) Azure azure	4	12461	August 4, 2022

Azuread_application as Service Principal

Related topics