I've got a query around access to manage Azure AD SSO applications. Our IT provider "specialists" are suggesting that in order to manage Azure AD SSO applications they need to be Global Admins. I find this hard to believe that Microsoft would make this level of access a requirement to simply manage some of the SSO application settings. They report that when they click on an application to manage SSO settings, etc. they get the error: "You do not have permissions to manage this application."
Can anyone confirm or point me in the direction of how you allow people access to manage the applications rather than granting them the whole Global Admin shebang!
Your consultant was correct, that level of Admin was required. However, that screen is from the classic Azure portal which is being phased out. Azure AD was recenty released to General Availability in the new Azure portal which provides many improvements (such a extensive Role Based Access Controls) and you will want to start using that location for your AAD tasks. A listing of the various admin roles is at https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles. Unfortunately, there does not seem to be a specific role to limit admins to manage just the apps that need SSO. You may want to create a custom Role if this is a requirement..