Share via

Add global admin access to my account

Trishul Goel 0 Reputation points
2025-12-09T06:16:18.9233333+00:00

I have an app service, I want to use slot deployment with a production and staging slot.
I can publish apps with publish profile with github action and it works fine, but to swap slot I need to do a az login in github action, for which I need a service principal. My account doesnt have enough permissions to create one. I am owner of the account.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-09T06:16:30.0666667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To create a service principal for your Azure App Service deployment, you need to have sufficient permissions. Since you mentioned that your account does not have enough permissions to create a service principal despite being the owner of the account, you may need to request global admin access or appropriate permissions from your Azure Active Directory administrator.

    Once you have the necessary permissions, you can create a service principal using the Azure CLI with the following command:

    az ad sp create-for-rbac --name "myApp" --role "Website Contributor" \
                            --scopes /subscriptions/<subscription-id>/resourceGroups/<group-name>/providers/Microsoft.Web/sites/<app-name> \
                            --json-auth

    Replace the placeholders with your actual subscription ID, resource group name, and app name. This will generate the credentials needed for your GitHub Actions workflow to perform the slot swap operation.

    If you still encounter issues, consider discussing with your Azure administrator to ensure you have the correct roles assigned.

    References:

    0 comments
  2. Praneeth Maddali 2,715 Reputation points Microsoft External Staff Moderator
    2025-12-09T06:56:25.65+00:00

    Hello @Trishul Goel

    Being a Subscription Owner does not automatically give you permission to create a service principal. Creating an app registration requires a directory-level role in Microsoft Entra ID.

    If your account does not have one of these roles (Application Administrator, Cloud Application Administrator, or Global Administrator), the portal will block the action even though you are an Owner on the subscription.

    You will need someone who is already a Global Administrator in the tenant to assign you one of those roles.

    They should also check the tenant setting under Entra ID → Users → User settings → App registrations and make sure "Users can register applications" is enabled.

    User's image

    Once you have the required directory permissions, you can create a service principal and then use that for az login in your GitHub Actions workflow to perform the slot swap.

    Kindly let us know if the above helps or you need further assistance on this issue.

     

    Please "upvote" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.