Поделиться через


Set up Azure Service Principal

 

Azure Service principal is like a Mech ID that does work for you behind the scenes

Stack Overflow states it plainly

An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources.

Reference

Docs site defines it as a Security identity object

We will need the AAD Tenant ID, Application ID (service principal, and Password (key)

AAD Tenant ID

 

For Service Map, the Tenant ID is the Azure Active Directory, Directory ID

 

From Azure Portal

Select Azure Active Directory > Properties > Directory ID in the Azure portal

See Docs site link

Save this to notepad, somewhere for safe keeping - password safe

Tenant ID

This is where you setup the Service Principal for an application

Azure Active Directory is NOT required

From Azure Portal

Click on Azure Active Directory

Click on Properties

Copy the Directory ID

From OMS

Click on Overview, Settings

Click on Accounts, Manage Users

Copy the Tenant ID

Once you have the Directory ID copied to notepad, you need to set up an App registration

App Registration ID

From Azure Portal

Click Azure Active Directory

Click App Registrations

Click + New application registration

Create name and URL

My example is 'ServiceMap-App' with my domain

Click Create

 

Click Settings

Click Keys

Recommend setting 2 keys, and save to notepad, and somewhere secure

I did 1 year and 2 year keys

Enter name for Description, Duration box, and click Save

Value will be displayed

Copy the value

PLEASE!!!!

Don't exit without grabbing the keys!  You will have to delete the App-Registration and start over

After creation, copy the values from Notepad for Tenant ID, Application ID, and keys

 

Other links for alternative methods for Service Principal

 

ARM Service Principal /en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal

Azure CLI /en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest

Blog https://blogs.msdn.microsoft.com/arsen/2016/05/11/how-to-create-and-test-azure-service-principal-using-azure-cli/