Publisher verification - Unable to add publisher

[HaydnDias]

Hi, I'm trying to verify my app with an MPN ID, and whether I do it through the azure portal, or the https://graph.microsoft.com/v1.0/applications/{applicationId}/setVerifiedPublisher api I get the following response

{
    "error": {
        "code": "UnableToAddPublisher",
        "message": "A verified publisher cannot be added to this application. Please contact your administrator for assistance.",
        "innerError": {
            "date": "2020-09-18T14:00:46",
            "request-id": "85dec4a4-efc5-4ccb-a03a-a3bda4b95492",
            "client-request-id": "f57ccf46-b5c0-07e4-949d-d561063dd120"
        }
    }
}

This error isn't documented, we have another app registered the exact same way but configured for testing which has verified fine, I can't figure out what the issue is.

Many thanks,
Haydn

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: df11cb03-70da-7df3-4941-3c2f8ea022f8
• Version Independent ID: 96cd8eec-ed94-05bf-1288-86b6ef3db105
• Content: Troubleshoot publisher verification - Microsoft identity platform
• Content Source: articles/active-directory/develop/troubleshoot-publisher-verification.md
• Service: active-directory
• Sub-service: develop
• GitHub Login: @rwike77
• Microsoft Alias: ryanwi

[JamesTran-MSFT]

@HaydnDias
Thanks for your feedback! We will investigate and update as appropriate.

[JamesTran-MSFT]

@HaydnDias
Were you able to make sure your app and the user you're using to sign in can mark your app as publisher verified?

Publisher verification requirements
-For your testing app that was configured the same way, were you the one that verified it? Or was it another user?

If you have any other questions, please let me know.
Thank you!

[HaydnDias]

@HaydnDias
Thanks for your feedback! We will investigate and update as appropriate.

Hi @James-Hamil-MSFT I can't remember exactly, I think the testing app was created by another account and verified by me, but the audit log doesn't go back far enough for me to be able to tell, I have global administrator for both Azure AD and MPN Partner Centre, as well as "Access management for Azure resources" on the Azure AD properties page.

I have tried logging out and back in to no avail, I have 2fa enabled and registered.

As far as I can tell we meet all the requirements and I don't see any reason I'd be blocked from doing so.

[JamesTran-MSFT]

@HaydnDias
Thank you for the quick reply and details!

We'd like to take a closer look into your environment and issue, can please email me with the info below. I'll go ahead and enable a one-time free support request for you so you can work with our support engineers to get this issue resolved.

-Removed Email instructions-

[HaydnDias]

@JamesTran-MSFT Thanks for getting back to me, sorry for the delay, I wasn't in the office on the weekend, I have emailed as detailed, look forward to hearing back from you.

[JamesTran-MSFT]

@HaydnDias
I went ahead and enabled your subscription for a one-time free support request, so I'll go ahead and close out this issue.

If you have any other questions or run into further issues, please let me know and I'd be more then happy to re-open this issue and continue working with you.

Thank you for your time and patience throughout this issue.

[HaydnDias]

@JamesTran-MSFT Just to feed back and close this off, the issue seems to have fixed itself, after a few days I reattempted and it went through without issue. Un-sure what was wrong, nothing in our setup has been modified since but happy it's working now.

Many thanks for your assistance and patience.

[JamesTran-MSFT]

@HaydnDias
Thank you for the follow up, I'm glad that everything is working!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

[liambolling]

This happens to me with the exact same error. It's been going on for a few days now, how did you fix it?

[liambolling]

Could we open this back up since the error clearly exists and there is no explanation of it within Azure docs?

[HaydnDias]

This happens to me with the exact same error. It's been going on for a few days now, how did you fix it?

I didn't, it just vanished by itself, without any changes made to our azure setup, a few days later it just started working bizarrely.

[JamesTran-MSFT]

@liambolling
Thanks for bringing this up.

I'll let our engineering teams know that this might be a potential product bug so they can take a look at this.

[alfredorevilla-msft]

@HaydnDias or @liambolling may you have information such as:

• Timestamp
• CorrelationId or RequestId
• ObjectID or UserPrincipalName of signed in user
• ObjectId or AppId of target application
• TenantId where app is registered
• MPN ID

[TacticalVilius]

Hi, just adding my case here. I had the exact same problem and it also worked after waiting a couple of days, just like for @HaydnDias

[HaydnDias]

@HaydnDias or @liambolling may you have information such as:

• Timestamp
• CorrelationId or RequestId
• ObjectID or UserPrincipalName of signed in user
• ObjectId or AppId of target application
• TenantId where app is registered
• MPN ID

@alfredorevilla-msft I provided relevant information in my original post when reporting the issue, it has since resolved itself without input from myself or anyone else.

[alfredorevilla-msft]

We requires some extra information but its great to know the issue has been solved.

[benmo]

Same issue here.

[Radiergummi]

Same for me, unable to add our app.

[JamesTran-MSFT]

Hi All,
I created an issue and assigned it to the author to update the troubleshooting steps documentation for this error message.

For more info: #66693

[rfcdejong]

This is very unstable and it must be a bug. I have configured many applications in our Azure AD before and verified it to our MPN ID. Worked fine all the time. Suddenly I'm running into this error. Logging out, enforcing a new MFA doesn't work either.

{
  "error": {
    "code": "UnableToAddPublisher",
    "message": "A verified publisher cannot be added to this application. Please contact your administrator for assistance.",
    "innerError": {
      "date": "2020-12-01T13:59:43",
      "request-id": "0547987a-3b4d-4327-9bac-6bbe4fed0294",
      "client-request-id": "0486bcf9-cee3-4d57-8d11-09e11405d94a"
    }
  }
}

[BBrukner]

We are having the same issue, have followed all troubleshooting directions, waited 48 hours, and still unable to complete app registration.

MSFT support request 120120224003327 open pending resolution

[JamesTran-MSFT]

@Radiergummi
Thank you for the detailed post on serverfault! I've reached out to our engineering team regarding this issue and will update if I receive anything from their end.

[rwike77]

Hi everyone. This problem appears to be caused by a known issue that engineering is working to resolve. We don’t have a specific ETA yet, but are hoping to have one soon.

[aditrades]

Same issue here, after passing all the requirements (adding MFA and etc.) we are still getting this error:
A verified publisher cannot be added to this application. Please contact your administrator for assistance. [lB+9bPoGdscYk+9kqjzDJo]
I don't understand why the ticket is closed if this is an unsolved issue
We have a client that is waiting for a big implementation and we are stuck at the business side because of that 😢

[manilsen]

Experiencing the same issue when trying to verify (and all reqs are met)
A verified publisher cannot be added to this application. Please contact your administrator for assistance. [gQB8ekNHz25m3YYGMheWDo]

[aditrades]

Experiencing the same issue when trying to verify (and all reqs are met)
A verified publisher cannot be added to this application. Please contact your administrator for assistance. [gQB8ekNHz25m3YYGMheWDo]

Please also write in this open ticket:
#66693

[jezell]

Also experiencing this issue for over a week now:

A verified publisher cannot be added to this application. Please contact your administrator for assistance. [XWxsCAOzCQCiW3ycHKPCFm]

[oliviomouraoutsystems]

Same here:
A verified publisher cannot be added to this application. Please contact your administrator for assistance. [ppUQBIBP3d6UDcZ+4pOP5y]

[MorpheusZero]

Same Issue. It's been three days and I have followed all of the pre-reqs and using the same user as Global Admin with MFA.

A verified publisher cannot be added to this application. Please contact your administrator for assistance. [F6B8QxZ2jvaTeoyc1W8lkH]

[biologistbrian]

Same issue going on 2 weeks. No one in support has been able to help. Support tracking ID 121021526003850

[roopesuomalainen]

Same issue, has been for more than 2 weeks. "You are unable to add a verified publisher to this application. Please contact your administrator for assistance. [82Nu2r1OdZjKcsCHYrDu6K]".

I am global admin in both MPN and Azure.

[dkattan]

Same issue, has been for more than 2 weeks. "You are unable to add a verified publisher to this application. Please contact your administrator for assistance. [82Nu2r1OdZjKcsCHYrDu6K]".

I am global admin in both MPN and Azure.

I am also getting the "You are unable to add a verified publisher to this application. Please contact your administrator for assistance.", but this appears to be different than the error this issue was created about:
"A verified publisher cannot be added to this application. Please contact your administrator for assistance."

Likewise I am a global admin in both MPN and Azure

[roopesuomalainen]

@JamesTran-MSFT - anything that could be done here? I have tried this tens of times and always failing. It is also very disappointing to go through create support ticket flow and in the final phase, you are told that your plan does not allow you to do it.

[dkattan]

@JamesTran-MSFT - anything that could be done here? I have tried this tens of times and always failing. It is also very disappointing to go through create support ticket flow and in the final phase, you are told that your plan does not allow you to do it.

I’ve got a support request open currently, they identified my UPN as having been flagged for risky sign-in (it was from a benign event from a conditional access policy change a few months back) and suggested that if I resolve the risky sign-in, then it would work.

I resolved it 16 hours ago and the error is still occurring.

[shmcvation]

We are seeing the same, inconsistent issue, where the publisher verification sometimes fails:

Code = "UnableToAddPublisher"
Message = "A verified publisher cannot be added to this application. Please contact your administrator for assistance"

Have tried with multiple application and it seems random whether it works. For some applications, I have been rejected at first attempt, but retrying a few days later then it suddenly works.

[dkattan]

We are seeing the same, inconsistent issue, where the publisher verification sometimes fails:

Code = "UnableToAddPublisher"
Message = "A verified publisher cannot be added to this application. Please contact your administrator for assistance"

Have tried with multiple application and it seems random whether it works. For some applications, I have been rejected at first attempt, but retrying a few days later then it suddenly works.

My error is different "You are unable to add a verified publisher to this application. Please contact your administrator for assistance."

[zak905]

Same here, after going through all the set up, I am now getting:

A verified publisher cannot be added to this application. Please contact your administrator for assistance. [lRbHv1AKGKhgxAZbXPBcQE]

[zak905]

Update: I tried couple of hours later, and it worked.

[roopesuomalainen]

I gave permissions to a colleague after tens of failing attemts. She got it through with first attempt.

[aollivierre]

Publisher verification - Unable to add publisher. Just Kept hammering it every few minutes and it eventually worked. No real solution. Could be just simple server delays,

I knew I was providing the right MPN ID (Global MPN ID) because if you try another MPN ID you will get an error that MPN ID does not exist

[GuyPaddock]

Just ran into this again. For a new application, it errors out. Waiting hours or days, it eventually works.

[melalj]

Running similar issue... Such an error message is really useless (as I'm the admin of the organization, and they are asking me to contact the admin...).
This is really bad developer experience!

[roopesuomalainen]

I tried tens of times and it didn't worked. Then I gave the required MPN permissions to one of our developers. She tried it once and it went through.

[GuyPaddock]

It's definitely time-dependent. It seems to work if I try it hours or a day after the app has been created.

[elegault]

+1 on the same error. Setting the MPN ID either in the portal or via the Graph /setVerifiedPublisher endpoint in a PowerShell script is wildly inconsistent. I have a client who needs their customer admins to run a PowerShell script to automate creating the App Registration to deploy their solution, and Microsoft needs to provide a rock-solid method for ISVs to successfully automate publisher verification configurations. A good starting point would be allowing some mechanism to disable the security risk assessments that are causing these errors to occur. Perhaps this could be a new Azure security setting for App Registrations so any given tenant has the ability to allow "fast-tracking".

[ntziolis]

I gave permissions to a colleague after tens of failing attempts. She got it through with first attempt.

I can confirm this worked for us as well. I'm max admin / owner on both mpn & azure. Couldn't verify (tried 2 days every couple of minutes). Then found this thread, gave the rights as described in requirements to a colleague
=> verification worked on first try.

[BohdanKov]

I am getting the error as well. Almost 3 years past... How it is possible that issue is not resolved yet?