What is Azure Service Principal?

Please refer to this official document.

An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a ‘user identity’ (login and password or certificate) with a specific role, and tightly controlled permissions to access your resources. It only needs to be able to do specific things, unlike a general user identity. It improves security if you only grant it the minimum permissions level needed to perform its management tasks.

If you want to create a new service principal(sp) with Azure CLi 2.0. You could login with your Azure AD user. Then execute following command.

az ad sp create-for-rbac --name {appId} --password "{strong password}"

The result like below:

{
  "appId": "a487e0c1-82af-47d9-9a0b-af184eb87646d",
  "displayName": "MyDemoWebApp",
  "name": "http://MyDemoWebApp",
  "password": {strong password},
  "tenant": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}

appId is your login user, password is login password.

After the sp is created, you also need give it Contributor role, then you could manage your Azure resource.

az role assignment create --assignee <objectID> --role Contributor

Now, you could login in non interctive mode with following command.

az login --service-principal -u <appid> --password {password-or-path-to-cert} --tenant {tenan

Leave a Comment

tech