nosalan
Copper Contributor
Sep 27, 2023

How to add Service Principal to Azure Devops via CLI

Now that Azure DevOps supports App Registrations, how can I add a given App Registration as a user in Azure DevOps via the CLI? I basically want to do what is shown in this video, but via the CLI: https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops#1-create-a-new-managed-identity-or-application-service-principal


The `az devops user add` command seems to be oriented toward human users.


1 Reply

  • frantisekcom
    Copper Contributor

    Hi,
    I ran into the same problem recently. The CLI does not seem to have a service principal option (https://github.com/Azure/azure-devops-cli-extension/blob/master/azure-devops/azext_devops/dev/team/user.py).
    The only way I have found (by looking at what the UI does when adding an SP user) was a combination of two API calls:
    POST https://dev.azure.com/{organisation}/_apis/IdentityPicker/Identities?api-version=5.0-preview.1
    with body:

    {
      "query": "SEARCH_SERVICE_PRINCIPAL",
      "identityTypes": ["user", "servicePrincipal"],
      "operationScopes": ["source", "ims"],
      "options": { "MinResults": 5, "MaxResults": 40 },
      "properties": [
        "DisplayName",
        "IsMru",
        "ScopeName",
        "SamAccountName",
        "Active",
        "SubjectDescriptor",
        "Department",
        "JobTitle",
        "Mail",
        "MailNickname",
        "PhysicalDeliveryOfficeName",
        "SignInAddress",
        "Surname",
        "Guest",
        "TelephoneNumber",
        "Manager",
        "Description"
      ]
    }

    which gives me the originId of an SP in AAD. With the originId I can call

    POST https://vsaex.dev.azure.com/hymans/_apis/ServicePrincipalEntitlements?api-version=7.1-preview.1

    with body:

    {
      "accessLevel": {
        "licensingSource": 1,
        "accountLicenseType": 2,
        "msdnLicenseType": 0,
        "licenseDisplayName": "Basic",
        "status": 0,
        "statusMessage": "",
        "assignmentSource": 1
      },
      "projectEntitlements": [
        {
          "group": { "groupType": 2 },
          "projectRef": { "id": "PROJECT_ID" }
        }
      ],
      "servicePrincipal": {
        "displayName": "DISPLAY_NAME",
        "origin": "aad",
        "originId": "ORIGIN_ID",
        "subjectKind": "servicePrincipal"
      }
    }

    to add an SP to ADO.


    Unfortunately the IdentityPicker does not seem to be a documented API, and at the same time it is the only API that returns the originId of an AAD SP.

    I know this is not quite an answer to the question about az cli, but I hope it can help someone looking to add an SP in ADO.

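The two-call procedure from the reply above, scripted end to end, as an added example that is not part of the original thread, the Azure DevOps CLI, or any Microsoft sample. It builds the IdentityPicker search, picks the originId from the result, and posts the ServicePrincipalEntitlements body the reply shows. Because the IdentityPicker API is undocumented, the response shape the code parses (`results[].identities[]` carrying `entityType`, `originDirectory`, `originId`, `displayName`) is an assumption; the organisation `contoso`, the project GUID, the `build-bot` name and the sample response are all constructed. The HTTP layer is injected, so the same code runs offline with a fake sender and live with a bearer token.

```python
"""Onboard an Entra ID (AAD) service principal into an Azure DevOps organisation with
the two REST calls from the reply above: IdentityPicker search, then
ServicePrincipalEntitlements. Added example, not code from the thread or from Microsoft.
The IdentityPicker response shape is an ASSUMPTION (the API is undocumented);
every name and GUID below is made up."""
import json
import urllib.request

ADO_API = "https://dev.azure.com"
VSAEX_API = "https://vsaex.dev.azure.com"


def identity_picker_request(org, query):
    """URL and body for the IdentityPicker search (same call as in the reply).
    identityTypes is narrowed to servicePrincipal only, so a human user with the
    same display name can never come back as a candidate."""
    url = f"{ADO_API}/{org}/_apis/IdentityPicker/Identities?api-version=5.0-preview.1"
    body = {
        "query": query,
        "identityTypes": ["servicePrincipal"],
        "operationScopes": ["source", "ims"],
        "options": {"MinResults": 5, "MaxResults": 40},
        "properties": ["DisplayName", "SubjectDescriptor", "Active", "Description"],
    }
    return url, body


def pick_origin_id(picker_response, display_name):
    """Return the AAD originId of exactly one SP whose displayName equals display_name.
    ASSUMED shape: {"results": [{"identities": [{"entityType", "originDirectory",
    "originId", "displayName", ...}]}]}. The search is a prefix match and display
    names are not unique in Entra ID, so require an exact, single match."""
    matches = [
        ident
        for result in picker_response.get("results", [])
        for ident in result.get("identities", [])
        if str(ident.get("entityType", "")).lower() == "serviceprincipal"
        and ident.get("originDirectory") == "aad"
        and ident.get("displayName") == display_name
    ]
    if len(matches) != 1:
        raise LookupError(
            f"expected exactly one AAD service principal named {display_name!r}, "
            f"found {len(matches)}")
    return matches[0]["originId"]


def entitlement_request(org, project_id, origin_id, display_name, group_type=2):
    """URL and body for ServicePrincipalEntitlements: Basic licence plus one project
    group. group_type=2 is the value the reply posted; confirm in the Member
    Entitlement Management docs which project group it maps to before granting it."""
    url = f"{VSAEX_API}/{org}/_apis/ServicePrincipalEntitlements?api-version=7.1-preview.1"
    body = {
        "accessLevel": {
            "licensingSource": 1, "accountLicenseType": 2, "msdnLicenseType": 0,
            "licenseDisplayName": "Basic", "status": 0, "statusMessage": "",
            "assignmentSource": 1,
        },
        "projectEntitlements": [
            {"group": {"groupType": group_type}, "projectRef": {"id": project_id}}
        ],
        "servicePrincipal": {
            "displayName": display_name, "origin": "aad",
            "originId": origin_id, "subjectKind": "servicePrincipal",
        },
    }
    return url, body


def bearer_sender(token):
    """Live sender: POST JSON to Azure DevOps with an Entra bearer token."""
    def send(url, body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"Content-Type": "application/json",
                     "Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return send


def add_service_principal(org, project_id, display_name, send):
    """Run the two-call procedure; returns (originId, entitlement response)."""
    url, body = identity_picker_request(org, display_name)
    origin_id = pick_origin_id(send(url, body), display_name)
    url, body = entitlement_request(org, project_id, origin_id, display_name)
    return origin_id, send(url, body)


# Constructed IdentityPicker response for offline use: a user and two SPs share the
# "build-bot" prefix; only the SP with the exact name may be chosen.
SAMPLE_PICKER_RESPONSE = {"results": [{"identities": [
    {"entityType": "User", "originDirectory": "aad", "displayName": "build-bot",
     "originId": "99999999-0000-0000-0000-000000000009"},
    {"entityType": "ServicePrincipal", "originDirectory": "aad", "displayName": "build-bot",
     "originId": "11111111-0000-0000-0000-000000000001"},
    {"entityType": "ServicePrincipal", "originDirectory": "aad", "displayName": "build-bot-staging",
     "originId": "22222222-0000-0000-0000-000000000002"},
]}]}


def fake_sender(log):
    """Offline stand-in for bearer_sender: records each call, answers from the sample."""
    def send(url, body):
        log.append((url, body))
        if "IdentityPicker" in url:
            return SAMPLE_PICKER_RESPONSE
        return {"operationResult": {"isSuccess": True}}
    return send


if __name__ == "__main__":
    calls = []
    origin_id, result = add_service_principal(
        "contoso", "0a1b2c3d-0000-0000-0000-00000000beef", "build-bot", fake_sender(calls))
    print(origin_id, result)
    # live run: send = bearer_sender(<token from az account get-access-token>)
```

For a live run, obtain the token with `az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv` (the Azure DevOps resource ID) from an account allowed to manage user entitlements, and pass `bearer_sender(token)` instead of the fake. The exact-match check matters: a display name is not unique in Entra ID, and a prefix search that silently took the first hit could onboard a different principal, including one registered by someone else with a look-alike name. The entitlement body grants a Basic licence and a project group membership in one shot, so treat the script's credential and the `group_type` value with the same care as a manual invitation.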