Tags: azure-active-directory, microsoft-graph-api, azure-keyvault

Cannot select principals on vault access policy - list is empty. What rights are missing?


I'm trying to grant my app access to my vault on Azure, but I have no items in the list. If I search, I can't even see my own user, nor anything else.


I've read the entries on "Azure key vault - WebApp is not visible in select principal", but in my case the ID is on and I have the GUID. The thing is, I can't list any IDs at all, and I also can't search for them.

Which permission do I need to ask my admin to grant me? I thought "Directory Readers", but it seems not to work.

I currently have the following roles: Azure: Contributor and Key Vault Admin; AD: App Registration.

We temporarily added the AD roles Global Secure Access Administrator and Global Reader, and I was able to list the principals, including my app.

Cheers, Marco


Solution

  • Note: to access service principals and users, your user account must be granted the Global Reader role and the Key Vault Contributor role.

    I assigned the role like below:


    After assigning the roles, I am able to see the service principals while creating the access policy.


    Otherwise, try assigning the Reader role to the user account:

    Go to Subscriptions -> Access control (IAM) -> Add -> Add role assignment


    Search for the application by the Object ID of the Enterprise application:


    Refresh the Key Vault page and check whether you can find the application.
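The portal's "Select principal" picker only works when the signed-in account can read directory objects (which is why adding Global Reader fixed it for the asker). When you already have the service principal's object ID, you can skip the picker entirely: the Azure CLI's `az keyvault set-policy --object-id` talks only to the ARM control plane and needs just management rights on the vault, not a directory role. The script below is an added example, not code from the question, the answer or Microsoft; the vault name `my-vault` and the GUID are placeholders, and it assumes the vault uses the access-policy permission model (not Azure RBAC).

```shell
#!/usr/bin/env bash
# Added example (not from the question or answer): grant a Key Vault access
# policy by object ID from the CLI, skipping the directory lookup that the
# portal's "Select principal" picker depends on.
# Assumptions (placeholders, not real resources): vault "my-vault", the app's
# service-principal object ID is the GUID in the usage line at the bottom, and
# the vault uses the access-policy model rather than Azure RBAC.
set -eu

# Returns 0 if $1 looks like an Entra object ID (a GUID), 1 otherwise.
# grep -E keeps this POSIX-portable (bash's =~ is not available in plain sh).
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# Prints the az command that adds an access policy for object ID $2 on vault
# $1, granting only "get" and "list" on secrets (least privilege for a typical
# reader app). --object-id is the key detail: az does not have to resolve the
# principal through Microsoft Graph, so the caller needs only ARM rights on
# the vault (e.g. Key Vault Contributor), not Global Reader.
build_set_policy_cmd() {
  printf 'az keyvault set-policy --name %s --object-id %s --secret-permissions get list' "$1" "$2"
}

# Optional diagnostic: if this fails with an insufficient-privileges error,
# your account cannot read directory objects, which is exactly why the portal
# picker shows nothing. It is not required for the set-policy call itself.
can_read_directory() {
  az ad sp show --id "$1" --query id -o tsv >/dev/null 2>&1
}

# Validates the object ID, then either prints the command (DRY_RUN set) or
# runs az directly with quoted arguments. Calling az directly rather than
# eval-ing the printed string keeps a hostile vault name from becoming shell.
grant_access() {
  vault="$1"; oid="$2"
  is_guid "$oid" || { echo "not an object ID (GUID): $oid" >&2; return 1; }
  if [ -n "${DRY_RUN:-}" ]; then
    echo "would run: $(build_set_policy_cmd "$vault" "$oid")"
  else
    can_read_directory "$oid" || echo "note: directory read failed; continuing with the object ID only" >&2
    az keyvault set-policy --name "$vault" --object-id "$oid" --secret-permissions get list -o none
  fi
}

# Runs only when both variables are set, so sourcing this file is harmless.
# Usage (placeholders):
#   VAULT_NAME=my-vault OBJECT_ID=11111111-2222-3333-4444-555555555555 DRY_RUN=1 ./grant.sh
if [ -n "${VAULT_NAME:-}" ] && [ -n "${OBJECT_ID:-}" ]; then
  grant_access "$VAULT_NAME" "$OBJECT_ID"
fi
```

Two checks worth doing before relying on this: confirm the vault is actually in access-policy mode with `az keyvault show --name my-vault --query properties.enableRbacAuthorization` (if it returns `true`, access policies are ignored and you need an RBAC role assignment on the vault instead), and grant only the permissions the app needs rather than the portal's broad defaults.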