Apr 03 2021 04:04 AM
Hi All,
Looking for a simple explanation of service principals for better understanding, and real use cases in my subscription.
Please provide your suggestions for the same.
Apr 03 2021 12:27 PM - edited Apr 04 2021 07:17 AM
Solution
If you are familiar with service accounts in Active Directory, that may help you understand this better.
A service principal, like a service account, is used to avoid putting user credentials in a deployment or an install.
If you want to deploy a service that needs domain admin or whatever role in AD, you will use a service account instead of a user one.
The same applies in Azure: if you want to deploy something in an automated fashion, you should not pick a user identity. You should create a service principal, or use an existing one, that will facilitate authentication to other services. Then you can apply a least privilege strategy. Also, service principals are a common way to authenticate for automation tools like Terraform or Azure DevOps, or some other services like Azure Kubernetes Service.
You can authenticate as an SP with a password or a certificate.
Mar 31 2023 07:47 PM
Worth taking a look at this:
https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
Apr 02 2023 03:48 PM
Apr 02 2023 06:09 PM
This may also help, as well as managed identity in case you are interested:
Sign in with Azure PowerShell | Microsoft Learn