Unable to create an Entitlement Management Catalog in Azure AD - Identity Governance

Question

I am unable to create an Entitlement Management Catalog in Azure AD - Identity Governance.

There is a validation check on the "Name" field which keeps spinning endlessly. If I hover over the spinning animation, I get the hint "Catalog with the same name already exists.". However, I don't have any catalogs in my Azure AD instance. And if the name is globally unique, the hint message is not accurate because I've tried impossibly unique names and still getting the same issue.

I am not sure if the hint is simply misleading and there is another issue I need to take a look at or if this is a bug of some sort.

My Azure AD instance is Free which is sufficient for creating catalogs as per this article https://learn.microsoft.com/en-us/microsoft-365/education/deploy/design-identity-governance (License Requirements section).

I also have the "Global Administrator" and "Identity Governance Administrator" roles assigned to my user account.

Thanks ahead.

Answer 1

After some trial and error with other community members, it turns out that you do in fact need Azure AD Premium P2 license to do ANYTHING with catalogs, access reviews, etc. The "License requirements" is not entirely accurate where it says P2 is not required for Global Administrators who set up the initial catalogs, access packages, and policies, and delegate administrative tasks to other users.

Answer 2

I have one Azure AD instance with Free license like below:

Now, I assigned same roles as you to one user named Sri like below:

When I signed in with above user account, I'm able to create catalog successfully like below:

But when I tried to create another catalog with existing catalog name, I got same error as you like this:

In your case, check whether you selected Select All under Enabled and Enabled for external users or not to see all existing catalogs.

Alternatively, make use of below PowerShell script to create catalog if there is any issue with your Portal:

Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All"
Select-MgProfile -Name "beta"

New-MgEntitlementManagementAccessPackageCatalog -DisplayName "DeviCatalog" -Description "Created from PowerShell"

Response:

When I checked the same in Portal, catalog created successfully like below:

Answer 3

You need to have Azure AD Premium P2 license in order to create a Catalog in Azure AD Identity Governance. Please refer this link for clarity.