We have an existing Azure installation with several App Services. When I tried to create the Service Connection to deploy CI/CD releases from DevOps, I got the following message:
Failed to create an app in Azure Active Directory. Error: The requesting identity (CUID 1f0b82**) does not have permission to access the tenant ().
What User or entity is the "requesting identity" that is lacking a role/permission? It ain't me, my User has the Owner, Contributor and Reader access assigned for the subscription.
We have an Azure .NET web project that we have been running for over 2 years, using a Service Connection to deploy code from our DevOps pipelines.
Last week, the Service Connection secret expired, and after trying to refresh the token, we decided to delete the Service Connection and recreate it. Nice and simple. And now we cannot create a new Service Connection.
Steps:
- In DevOps, logged in as an Owner in Azure.
- Open Project Settings => Service connections => Create service connection
- Select Azure Resource Manager
- (popup authentication dialog) Sign in to Azure...
- Select Service principal (automatic)
- Select Scope level = Subscription and Select the Subscription
- Select a resource group (or leave it empty)
- Check the box for Grant access permission to all pipelines.
- Click Save
Expected a fresh new service connection. I am a Member, not a Guest, and I have the User Setting to allow this.
Got the following message: Failed to create an app in Azure Active Directory. Error: The requesting identity (CUID 1f0b82ec-5b86-7b51-8aff-5d7386cfb80c) does not have permission to access the tenant ().
I got the above result and so has another member of the team.
If you click Save again (more out of curiosity than much else), we get this message: Failed to get access token from strong box. Key is invalid.