AkshayKV-7048 asked ·

Why doesn't an Application Owner have permission to land on the Single sign-on page?

I'm an Owner of the application registered in Azure AD. I get a "No Access" error when I try to configure SSO.

7231-screenshot-from-2020-04-07-22-40-55.png

What I also find strange is that when I try to open the Single sign-on page, it hits the URL below and I get the following response.

Why does Azure have to check my permissions for Application Proxy when I'm trying to open the SSO page?

URL: https://main.iam.ad.ext.azure.com/api/ApplicationProxy/Applications/318ca569-e1fe-400d-bfa5-c7dd43a00d11
Response: {"ClassName":"Microsoft.Portal.Framework.Exceptions.ClientException","Message":"Graph call failed with httpCode=Forbidden, errorCode=NotAdminRoleNoEnoughCustomPermission_UnauthorizedAccess, errorMessage=Unauthorized Access., reason=Forbidden, correlationId = e125bfa1-5615-4617-9ea2-9f45fba5300e.","Data":{},"HResult":-2146233088,"XMsServerRequestId":null,"Source":null,"HttpStatusCode":403,"ClientData":{"errorCode":"Forbidden","localizedErrorDetails":null,"operationResults":null,"timeStampUtc":"2020-04-07T17:09:53.686276Z","clientRequestId":"e125bfa1-5615-4617-9ea2-9f45fba5300e","internalTransactionId":"6bc02fe1-15c7-499d-b45c-36b4d6e84f46","tenantId":"5d471751-9675-428d-917b-70f44f9630b0","userObjectId":"ac5f9f20-b9f4-4ea9-8439-5e96798793aa","exceptionType":"MsGraphException"}}

7221-screenshot-from-2020-04-07-22-40-42.png

7165-screenshot-from-2020-04-07-22-40-29.png


azure-active-directory
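
An added example (not part of the original post, and not Microsoft code): a small Python parser for the error body quoted in the question, pulling out the Graph error code, correlation ID, tenant ID and user object ID so they can be passed to a tenant administrator or support. The sample input is constructed with placeholder IDs; its field names follow the response above, and the function name is hypothetical.

```python
import json
import re

# Constructed sample in the same shape as the response quoted in the question
# (all IDs and the timestamp are placeholders, not values from the post).
SAMPLE = json.dumps({
    "ClassName": "Microsoft.Portal.Framework.Exceptions.ClientException",
    "Message": ("Graph call failed with httpCode=Forbidden, "
                "errorCode=NotAdminRoleNoEnoughCustomPermission_UnauthorizedAccess, "
                "errorMessage=Unauthorized Access., reason=Forbidden, "
                "correlationId = 00000000-0000-0000-0000-000000000001."),
    "HttpStatusCode": 403,
    "ClientData": {
        "errorCode": "Forbidden",
        "timeStampUtc": "2020-01-01T00:00:00.000000Z",
        "clientRequestId": "00000000-0000-0000-0000-000000000001",
        "tenantId": "00000000-0000-0000-0000-000000000002",
        "userObjectId": "00000000-0000-0000-0000-000000000003",
        "exceptionType": "MsGraphException",
    },
})

# key=value pairs inside Message; a value runs up to the next ", key=" or the end.
_PAIR = re.compile(r"(\w+)\s*=\s*(.*?)(?=,\s*\w+\s*=|$)", re.S)

def parse_portal_error(body: str) -> dict:
    """Flatten a portal ClientException body into the fields needed for triage."""
    doc = json.loads(body)
    fields = {k: v.strip().rstrip(".") for k, v in _PAIR.findall(doc.get("Message", ""))}
    client = doc.get("ClientData") or {}
    return {
        "http_status": doc.get("HttpStatusCode"),
        "graph_error_code": fields.get("errorCode"),
        "graph_error_message": fields.get("errorMessage"),
        "correlation_id": fields.get("correlationId") or client.get("clientRequestId"),
        "tenant_id": client.get("tenantId"),
        "user_object_id": client.get("userObjectId"),
        "timestamp_utc": client.get("timeStampUtc"),
        # True when the call was refused with 403 / Forbidden, i.e. the caller
        # was authenticated but lacks the role or permission for this API.
        "is_authorization_failure": doc.get("HttpStatusCode") == 403
                                    or fields.get("httpCode") == "Forbidden",
    }

if __name__ == "__main__":
    for key, value in parse_portal_error(SAMPLE).items():
        print(f"{key}: {value}")
```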

1 Answer

AnujRana-1707 answered ·

If I understood this correctly, when you log in to portal.azure.com, you are no longer able to access the Azure AD blade which contains Applications. If this is correct, then it means that your Global admin has restricted access to Azure AD to admin users only. Owners of the app don’t qualify for the required privileges. You will need the application admin role to manage your app on the portal. Alternatively, you can try to manage applications (up to an extent) using PowerShell.


My concern is that I'm not able to access the "Single Sign-on" Configuration page where I'm an Owner. Please see the screenshot.


![7195-screenshot-from-2020-04-09-15-18-59.png][1]

I'm trying to access this page.
[1]: /answers/storage/temp/7195-screenshot-from-2020-04-09-15-18-59.png
