In the Prerequisite portion of our documentation it states the following:
Have the Resource Group name for an Azure Resource Group in which the Azure Application has the :guilabel: Azure Key Vault Reader (Preview) role.
Customer suggested the following since they didn't realize they needed an Active Directory role assigned:
- Have the Resource Group name for an Azure Resource Group containing the Key Vault
- Have an Active Directory Application with the role of "Azure Key Vault Reader (Preview)" assigned to it
Let me know if this is something that can be addressed as a user came into intercom and the wording wasn't clear enough for them to understand what they were missing when they we receiving a Vault Key mismatch error.