User not able to create Azure AD application


We have an Azure Active Directory and within it I want the users to be able to create an AD application by going to the "App registrations" section.

Reading the link here,

Check the App registrations setting. If set to Yes, non-admin users can register AD apps. This setting means any user in the Azure AD tenant can register an app.

I have set the value of "Users can register applications" under "User Settings" to Yes. But when the users go to App Registration, and create an app, they see an error "Insufficient privileges to complete the operation".

Is there any other step required here?


There is 1 best solution below


Are you using Microsoft Graph API? Have you checked the permissions on your AAD application against the Microsoft Graph API? According to the document of List Users, we need one of the following permissions in scope:

User.ReadBasic.All; User.Read.All; User.ReadWrite.All; Directory.Read.All; Directory.ReadWrite.All; Directory.AccessAsUser.All

You can refer to https://graph.microsoft.io/en-us/docs/authorization/permission_scopes to match the permission name to the scope name.

Other things you can try:

1. Add "Read directory data" permission under "Delegated Permissions" for the application registration.
2. Remove "Azure Active Directory" and "Graph API" from the Required Access page and then re-add it with the appropriate app permissions.
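
One way to run the permission check suggested in the answer above, as an added example that is not part of the original answer: it decodes an Azure AD access token's payload and reports which of the listed List Users permissions the token carries. The function names and the sample token are constructed for illustration; delegated permissions are read from the `scp` claim and application permissions from the `roles` claim.

```python
import base64
import json

# Permissions the answer lists for the Graph "List Users" call.
LIST_USERS_PERMISSIONS = {
    "User.ReadBasic.All", "User.Read.All", "User.ReadWrite.All",
    "Directory.Read.All", "Directory.ReadWrite.All",
    "Directory.AccessAsUser.All",
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def granted_permissions(access_token: str) -> set:
    """Return the permissions carried by the token: delegated ones from the
    space-separated 'scp' claim, application ones from the 'roles' array.
    Diagnostic only: the signature is NOT verified here."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))
    return scopes | roles

def matching_permissions(access_token: str, required=LIST_USERS_PERMISSIONS) -> set:
    """Permissions in the token that satisfy the call. An empty set means the
    token carries none of the listed permissions."""
    return granted_permissions(access_token) & set(required)

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    token = make_sample_token({"scp": "User.Read Directory.Read.All"})
    print("granted: ", sorted(granted_permissions(token)))
    print("matching:", sorted(matching_permissions(token)))
```

Because the signature is not checked, use this only to inspect a token you obtained yourself while troubleshooting, never to make an authorization decision.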