Error "Either the Enterprise Application Object ID is incorrect or the Reader role was not assigned"
Created On 10/27/21 12:44 PM - Last Modified 10/26/25 22:17 PM
Symptom
The cloud account Status shows the error "Either the Enterprise Application Object ID is incorrect or the Reader role was not assigned" in the Prisma Console.
Environment
- Prisma Cloud
- Microsoft Azure
Cause
An incorrect Enterprise Application Object ID in Azure causes the error.
Resolution
Prisma Console:
1. Log in to Prisma Console.
2. Go to Settings > Cloud Accounts. Click on Edit in Actions.
3. Click on the Pencil button to see the Configure Account page.
4. Copy Application (Client) ID to Notepad. We will use it to check Azure App registrations in the Azure portal.
Microsoft Azure Portal:
2. Type Azure Active Directory in the Search bar. Then click on Azure Active Directory.
3. Click on Enterprise applications.
4. Click on Overview and paste the Application (Client) ID that was copied in Step 4 above under Prisma Cloud Account.
5. Click on the Enterprise application, in this case Prisma Cloud App qobyz.
6. Copy the Object ID.
7. Replace the previous value in Enterprise Application Object ID under Prisma Cloud Account. Click on Next.
8. Click on Next again to see Status.
9. You will see a Green Status. Click on Done.
Note: If you don't see a Green Status, wait for a few minutes and repeat Steps 6 to 9. If you didn't set up Flow Logs ingestion, the Status will not be Green after replacing the value.
10. Congratulations! You have successfully replaced Enterprise Application Object ID.
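The same lookup from the command line, as an added example that is not part of the original article: it resolves the Enterprise Application Object ID from the Application (Client) ID and then checks the Reader role, the two conditions named in the error. It assumes the Azure CLI is installed and logged in; the `diagnose` helper, its verdict strings and the subscription ID argument are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a logged-in Azure CLI
# (`az login`) that returns the service principal Object ID in the `id` field.

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }   # GUIDs compare case-insensitively

# Enterprise Application (service principal) Object ID for an Application (Client) ID.
sp_object_id() {
    az ad sp show --id "$1" --query id --output tsv
}

# Number of Reader assignments the principal holds on the subscription,
# counting assignments inherited from parent scopes.
reader_count() {
    az role assignment list --assignee "$1" --role Reader \
        --scope "/subscriptions/$2" --include-inherited \
        --query "length(@)" --output tsv
}

# Usage: diagnose <client-id> <object-id-configured-in-prisma> <subscription-id>
# Prints one verdict line; returns 0 only when both halves of the error are ruled out.
diagnose() {
    actual=$(sp_object_id "$1") || actual=""
    if [ -z "$actual" ]; then
        echo "no-enterprise-app"; return 2
    fi
    actual=$(lc "$actual")
    if [ "$actual" != "$(lc "$2")" ]; then
        echo "object-id-mismatch expected=$actual"; return 1
    fi
    count=$(reader_count "$actual" "$3") || count=0
    if [ "${count:-0}" -eq 0 ]; then
        echo "reader-role-missing"; return 1
    fi
    echo "ok"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    diagnose "$@"
fi
```

On `object-id-mismatch`, the `expected=` value is the Object ID to paste into Prisma Cloud in Step 7.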
Additional Information
(Optional) Enable NSG flow logs: If you want to enable flow log ingestion, you must complete the tasks outlined in Step 9.