I've added a number of SAML applications from the App Gallery to our Azure AD subscription. Now I'm trying to enable our help desk to assign those applications to new staff.
I'm having trouble finding out what the minimal role to do this would be. I've tried making them a User Admin in Office 365 and I've made him a co-admin on the Azure AD subscription. Every time he goes to an application I've added from the Gallery he gets this error:
You do not have permission to manage this application.
I really do not want to go so far as to make him an Office 365 global admin, and really wouldn't even him want him to be co-admin on the Azure AD subscription. Myself and other Office 365 global admins all can access this, but we need our help desk to be able to assign both Office 365 licenses, and the SAML applications we've added.