Creating a service principal for use with Microsoft Purview
You can create a new or use an existing service principal in your Microsoft Entra tenant to use to authenticate with other services.
Navigate to the Azure portal.
Select Microsoft Entra ID from the left-hand side menu.
Select App registrations and + New registration.
Enter a name for the application (the service principal name).
Select Accounts in this organizational directory only.
For Redirect URI select Web and enter any URL you want. If you have an authentication endpoint for your organization you want to use, this is the place. Otherwise
Then select Register.
Copy the Application (client) ID value. We'll use this later to create a credential in Microsoft Purview.
Adding a secret to the client credentials
Select the app from the App registrations.
Select Add a certificate or secret.
Select + New client secret under Client secrets.
Provide a Description and set the Expires for the secret.
Copy the value of the Secret value. We'll use this later to create a secret in Azure Key Vault.
Adding the secret to your Azure Key Vault
To allow Microsoft Purview to use this service principal to authenticate with other services, you'll need to store this credential in Azure Key Vault.
- If you need an Azure Key vault, you can follow these steps to create one.
- To grant your Microsoft Purview account access to the Azure Key Vault, you can follow these steps.
Navigate to your Key vault.
Select Settings --> Secrets --> + Generate/Import
Enter the Name of your choice, and save it to create a credential in Microsoft Purview.
Enter the Value as the Secret value from your Service Principal.
Select Create to complete.
Create a credential for your secret in Microsoft Purview
To enable Microsoft Purview to use this service principal to authenticate with other services, you'll need to follow these three steps.
- Connect your Azure Key Vault to Microsoft Purview
- Grant your service principal authentication on your source - Follow instructions on each source page to grant appropriate authentication.
- Create a new credential in Microsoft Purview - You'll use the service principal's application (client) ID and the name of the secret you created in your Azure Key Vault.