In this blog post we are going to learn how to:
Create Service Prinsipal manually
Login to your Azure portal. How to create an Azure account, read my blog here.
Go to Azure Active Directory
Choose App Registrations
Click on + New registration
Provide the Name
Click Register.
Here Application (client) ID is your Service principal client ID.
Directory (tenant) ID is your tenant id.
Click on Certificates & secrets.
Click on + New client secret
Provide description and choose when the client secret should expire.
Click on Add.
The value here is your client secret or Service Principal Key.
Take good care of this value because you cannot see this value later.
Now we have to add Contributor role
Search for your subscription name in Azure Portal
Click on it and go to Access control (IAM)
Click on Add
Choose Add role assignment
Choose Contributor Role and Select My app we just created. Then click on Save.
That's it, we just created a service principle. These values you have to take good care of is
subscription id: guid
tenant id: guid
Service Principal Id (client id): guid
Service principal key (client secret): guid
Create Service Prinsipal using CLI
When you have created Service Principal manually a couple of times you are ready to use command line.
Install azure cli from here.
Run following command
az login
Login to your azure account and find your subscription id.
az account set --subscription subscriptionId
Now we can create a Service Principal
az ad sp create-for-rbac --name DemoServicePrincipal
You get something like this back
{
"appId": "guid",
"displayName": "DemoServicePrincipal",
"name": "http://DemoServicePrincipal",
"password": "guid",
"tenant": "guid"
}
Now we assign Contributor role to our Service Principal
az role assignment create --assignee yourAppId --role Contributor
Take good care of these variables
subscription id: guid
tenant id: tenant
Service Principal Id (client id): appId
Service principal key (client secret): password
Don't forget to subscribe to get latest news from Sergey .NET directly to your mail.