SOLVED

Service Principals and realtime use cases

%3CLINGO-SUB%20id%3D%22lingo-sub-2252160%22%20slang%3D%22en-US%22%3EService%20Principals%20and%20realtime%20use%20cases%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2252160%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Elooking%20for%20simple%20explanation%20for%20service%20principals%20for%20better%20understanding%20and%20reals%20use%20cases%20in%20my%20subscription.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20provide%20your%20suggestions%20for%20the%20same.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2252460%22%20slang%3D%22en-US%22%3ERe%3A%20Service%20Principals%20and%20realtime%20use%20cases%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2252460%22%20slang%3D%22en-US%22%3EIf%20you%20are%20familiar%20with%20service%20account%20in%20active%20directory%20may%20be%20it%20can%20help%20to%20better%20understand%20.%3CBR%20%2F%3EService%20principal%20like%20service%20account%20is%20used%20to%20avoid%20putting%20user%20credentials%20in%20a%20deployment%20.%3CBR%20%2F%3EIf%20you%20want%20to%20deploy%20a%20Service%20that%20need%20domain%20admin%20or%20whatever%20role%20in%20AD%20you%20will%20not%20user%20an%20user%20identity%20you%20will%20user%20a%20service%20account%20.%3CBR%20%2F%3EThe%20same%20apply%20in%20Azure%20if%20you%20want%20to%20deploy%20something%20in%20an%20automated%20way%20you%20should%20not%20pick%20a%20user%20identity%20you%20will%20probably%20create%20a%20service%20principal%20that%20will%20facilitate%20authentication%20to%20other%20services%20.Then%20you%20can%20apply%20a%20least%20privilege%20strategy%20.%20Also%20service%20principal%20are%20a%20common%20way%20to%20authenticate%20for%20automation%20tools%20like%20Terraform%20or%20Azure%20DevOps%20or%20some%20services%20like%20Azure%20Kubernetes%20Service%20.%3CBR%20%2F%3EYou%20can%20authenticate%20as%20SP%20with%20Password%20or%20Certificate%20.%3C%2FLINGO-BODY%3E
Occasional Contributor

 

Hi All,

 

looking for simple explanation for service principals for better understanding and reals use cases in my subscription.

 

Please provide your suggestions for the same.

1 Reply
best response confirmed by Suresh_Godaba (Occasional Contributor)
Solution

If you are familiar with service account in active directory may be it can help to better understand .
Service principal like service account is used to avoid putting user credentials in a deployment or an install .
If you want to deploy a Service that need domain admin or whatever role in AD you will use  a service account instead of a user one . 
The same apply in Azure if you want to deploy something in an automated fashionn you should not pick a user identity . You should  create a service principal or use an existing  that will facilitate authentication to other services .Then you can apply a least privilege strategy . Also service principal are a common way to authenticate for automation tools like Terraform or Azure DevOps or some others services like Azure Kubernetes Service .
You can authenticate as SP with Password or Certificate .