The user must grant the AAD application access through Access control (IAM) so that it can manage the user’s Azure services (App Services, DNS Zone and Key Vault).
- Go to Azure subscriptions and open the subscription
- In the subscription, click on ‘Access control (IAM)’ and add a new role assignment
- Select the ‘Contributor’ role
- Search for the AAD App that was registered and select it. (If you did not register an AAD app previously, please follow the instructions in this link: Registering an AAD Application)
- Click the ‘Save’ button
- In the ‘Role assignments’ tab, you will see the new role assignment you just added
You must repeat these steps for each Azure Subscription that a user may wish to access.
If a user is creating SSL/TLS certificates for Azure Key Vault, they will need to set access policies for the certificate in Key Vault:
- In Key Vault, click on ‘Access policies’ and ‘Add Access Policy’
- In the ‘Certificate permissions’ dropdown, select all 16 permissions, including ‘Purge’ permission.
- Then click on ‘Select principal’
- Search for the application that was registered and select it
- Click the ‘Add’ button when you are done
- Click the ‘Save’ button to save the access policy
- The newly added access policy will be displayed
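The following check is an added example, not part of the original instructions: it confirms that both procedures above took effect by looking for a subscription-scope ‘Contributor’ assignment on every subscription and for all 16 certificate permissions in the Key Vault access policy. It assumes JSON shaped like the output of `az role assignment list` and `az keyvault show` (field names `roleDefinitionName`, `scope`, `properties.accessPolicies`); the function names and sample GUIDs are hypothetical.

```python
# Added example: verify the role assignment and the Key Vault access policy.
# Assumption: inputs are parsed JSON from `az role assignment list --all --assignee <app>`
# and `az keyvault show --name <vault>`.

# The 16 Key Vault certificate permissions as they appear in access-policy JSON.
CERT_PERMISSIONS = frozenset({
    "get", "list", "update", "create", "import", "delete", "recover",
    "backup", "restore", "managecontacts", "manageissuers", "getissuers",
    "listissuers", "setissuers", "deleteissuers", "purge",
})

def subscriptions_missing_contributor(assignments, subscription_ids):
    """Return the subscriptions that have no subscription-scope Contributor assignment."""
    granted = {
        a["scope"].lower().rstrip("/")
        for a in assignments
        if a.get("roleDefinitionName") == "Contributor"
    }
    # A resource-group scope is longer than /subscriptions/<id>, so it does not match.
    return [s for s in subscription_ids
            if f"/subscriptions/{s}".lower() not in granted]

def missing_certificate_permissions(vault, object_id):
    """Return, sorted, the certificate permissions the principal does not hold."""
    for policy in vault.get("properties", {}).get("accessPolicies", []):
        if policy.get("objectId") == object_id:
            held = policy.get("permissions", {}).get("certificates") or []
            return sorted(CERT_PERMISSIONS - {p.lower() for p in held})
    return sorted(CERT_PERMISSIONS)  # the principal has no access policy at all

# Constructed sample data (placeholder GUIDs, not real output).
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
APP_OBJECT_ID = "11111111-1111-1111-1111-111111111111"  # service principal object ID
SAMPLE_ASSIGNMENTS = [
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB_A}"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB_B}/resourceGroups/rg-web"},
]
SAMPLE_VAULT = {"properties": {"accessPolicies": [{
    "objectId": APP_OBJECT_ID,
    "permissions": {"certificates": ["Get", "List", "Create", "Import", "Update"]},
}]}}

if __name__ == "__main__":
    print("missing Contributor:",
          subscriptions_missing_contributor(SAMPLE_ASSIGNMENTS, [SUB_A, SUB_B]))
    print("missing certificate permissions:",
          missing_certificate_permissions(SAMPLE_VAULT, APP_OBJECT_ID))
```

In the sample, the second subscription is reported because its assignment exists only at resource-group scope, which is the case the "repeat these steps for each Azure Subscription" instruction guards against.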