Microsoft Azure Service Principal is a proxy identity that is used by services, tools, and applications (user-generated) to automate processes by logging into Azure resources. In order to run an automated process it is very important to create a service principal in Azure.
In this article, we will discuss how to create Azure Service Principal with a step-by-step guide, and also read about Azure credential generation for privileged access to the app resources.
You can also check the official documentation by Microsoft.
How To Create Service Principal In Azure For DSV Base Secret? Easy Steps
Step 2: On the left side, click on the Azure Active Directory.
Step 3: Once opened, now create a New registration on the App Registration page with the desired application name and click Register.
Step 4: Note down the Directory (tenant) ID & Application (client) ID. tenantId and clientId are the same DSV secret IDs respectively.
Step 5: Select Certifications & Secrets, then tap on New Client Secret enter the description about your application, and wait for it to expire. In the last tap Add to continue.
Step 6: Note down the clientSecret or newly generated secret that appeared on the DSV Secret.
Step 7: On the next page, click API permissions and add all the required permissions for your application. In the legacy Azure panel, click on Azure Active Directory Graph to add API permissions.
Step 8: Under the Delegated permissions setting button, expand the User bar and mark User.Read option to grant permissions.
Step 9: Now Click on the Application Permission. Under it expand the Application bar and select Application.ReadWrite.All permission and under Directory bar select Directory.ReadWrite.All option.
Step 10: At the bottom, click on Add Permissions to your application. But it will show an error as ‘The permission changes are not granted.’ In the API page Grant admin consent for Default Directory and hit Yes to save all the changes.
Step 11: Now open the Azure Portal Subscription dashboard and note down the Subscription ID in the subscriptionId field of the DSV Secret.
Step 12: Tap on the Subscription ID, under it click on Access control, and add a role for your application accordingly. Select the Owner role and Azure AD user, group, or service principal, and in a select tab, enter the Application (client) ID that you saved previously so that the application is available to selected members. Hit Save to save all the progress.
Note: All the values must be checked twice.
How To Create Azure Service Principal For DSV Dynamic Secret? Easy Sheet
Note: First 3 steps are the same as DSV Base Secret. Note down the Object ID and Application (client) ID for DSV Dynamic Secret. These values are appObjectId and appId respectively.
Step 2: Go to Subscription ID, click on Access control, and add a role. Select Role, Assign Access to, and Select so that members can access your application easily. Choose Role and Assign according to your wish and in the Select tab enter Application (client) ID which is your application name so that the selected member access it. Now hit save.
Conclusion
Azure Service Principal is easy to set up and very important for automating applications and services so that they can easily access the Azure resources and execute properly.
In a previous post, I detailed some pseudo workaround steps that may be required, if you’re using the ‘Configure backup on VMs of a location to an existing central Vault in the same location’ Azure Policy (specifically across multiple Resource Groups). In this post, we’re going to take that policy, and tweak it to perform automated…
I wanted to share this experience I had on a project, and some lessons learned about it. Scenario This project was typical, with both Production and Non-Production environments; all hosted within Azure. In the Non-Production environment, the various Application Teams had engaged with their respective Vendors, to perform the supported installation and configuration of the…
In the first part of this series, we introduced the confusion and complexity that tends to occur when looking at the long list of monitoring tools available for Azure. We then provided a list of currently available tools that we will explore further. We’ve already discussed Azure Activity Logs, Application Insights, Azure Advisor, Azure Alerts, and Azure Diagnostics….
Many organizations are moving mission critical applications to Azure. A lot of organizations are starting to explore Microsoft Azure as a Disaster Recovery (DR) site to their existing datacenters. If you haven’t started to consider this, Microsoft provides several tools to assess your “Cloud Readiness”, and help you estimate the costs, and ROI, in moving…
In the introduction to this series, we identified that there are multiple parts of the cloud migration journey; namely: Discover, Assess, Migrate, Manage, and Operate. We will cover various tools that either falls into one of or span multiple phases in the migration journey. As a quick-link reference, here is the list of tools this…
When working with DevOps (either Azure DevOps or GitHub), and using multi-stage YAML pipelines, it is a best practice to include some type of quality check (ie. Unit Test, Linting, etc.). This makes sense when evaluating application code, but how does it work/relate to Infrastructure-as-Code (IaC)? Quality Controls for Terraform While working with Infrastructure-as-Code (IaC),…
