Example Lighthouse subscription - redhat.com tenant

test-subscription.json

{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "metadata": {
        "description": "Specify a unique name for your offer"
      },
      "defaultValue": "Red Hat Cloud Provisioning"
    },
    "mspOfferDescription": {
      "type": "string",
      "metadata": {
        "description": "Name of the Managed Service Provider offering"
      },
      "defaultValue": "Provisioning Service by console.redhat.com"
    },
    "managedByTenantId": {
      "type": "string",
      "metadata": {
        "description": "Specify the tenant id of the Managed Service Provider"
      },
      "defaultValue": "64dc69e4-d083-49fc-9569-ebece1dd1408"
    },
    "authorizations": {
      "type": "array",
      "metadata": {
        "description": "Specify an array of objects, containing tuples of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers."
      },
      "defaultValue": [
        {
        "principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
        "principalIdDisplayName": "Read any resource"
        },
        {
          "principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
          "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46",
          "principalIdDisplayName": "Unregister MSP"
        },
        {
          "principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
          "roleDefinitionId": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
          "principalIdDisplayName": "Manage virtual machines"
        }
      ]
    }
  },
  "variables": {
    "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
    "mspAssignmentName": "[guid(parameters('mspOfferName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2019-09-01",
      "name": "[variables('mspRegistrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "[parameters('mspOfferDescription')]",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": "[parameters('authorizations')]"
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2019-09-01",
      "name": "[variables('mspAssignmentName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      }
    }
  ],
  "outputs": {
    "mspOfferName": {
      "type": "string",
      "value": "[concat('Managed by', ' ', parameters('mspOfferName'))]"
    },
    "authorizations": {
      "type": "array",
      "value": "[parameters('authorizations')]"
    }
  }
}

https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fgist.githubusercontent.com%2Flzap%2F2a13ce333be089d09adc21b9b497088e%2Fraw%2F51edefd7c768da414f716de20a1e62ee70223bc5%2Ftest-subscription.json

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"InvalidPrincipalId","message":"The principal object identifier '67e78b19-6609-4ca8-aaf2-f0a26626ea05' does not exist in the managedByTenant '64dc69e4-d083-49fc-9569-ebece1dd1408'."}]}