Difference Between 'Application' Service Principal and 'System-assigned Managed Identity' Service Principal

Jesse Kok 20 Reputation points
2024-11-15T13:10:55.8233333+00:00

After reviewing the articles on service principals and managed identities, I am left confused about the differences between the 'application' service principal and the 'System-assigned managed identity' service principal. Both seem to share characteristics such as being tied to a single application and managing access to that application.

Thank you in advance for any clarification.


Accepted answer
  1. Deepanshukatara-6769 11,700 Reputation points
    2024-11-15T13:47:18.89+00:00

    Hello Jesse, Welcome to MS Q&A

    The differences between an 'application' service principal and a 'System-assigned managed identity' service principal in Azure are as follows:

    1. Creation:
      • An application service principal is manually created in Microsoft Entra ID for use by applications, services, and tools to access specific Azure resources.
      • A System-assigned managed identity is created automatically when an Azure service is created.
    2. Lifecycle:
      • The application service principal has an independent lifecycle and must be deleted explicitly.
      • The System-assigned managed identity is tied to the lifecycle of the Azure resource it is created for and is automatically deleted when the Azure resource is deleted.
    3. Usage:
      • The application service principal can be used by any application or service and is not tied to a specific Azure service.
      • The System-assigned managed identity represents only the Azure service instance itself and cannot be used to represent other Azure services.
    4. Authentication:
      • The application service principal can use password-based or certificate-based authentication.
      • The System-assigned managed identity does not require an explicit password for authentication.

    References:

    Please let me know if any more details are needed.

    Kindly accept if it works

    Thanks
    Deepanshu

    1 person found this answer helpful.
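
The distinction drawn in the answer above can be checked in an identity inventory. The following is an added example, not part of the answer or of any Microsoft code: it classifies records shaped like Microsoft Graph `servicePrincipal` objects by `servicePrincipalType` and reports which credentials each one leaves you to manage. The sample records, names, subscription ID and review date are constructed, and treating `isExplicit=False` in `alternativeNames` as the system-assigned marker is an assumption.

```python
import json
from datetime import datetime, timezone

# Constructed sample records, shaped like Microsoft Graph servicePrincipal objects.
SAMPLE = json.loads("""[
 {"displayName": "billing-api", "servicePrincipalType": "Application",
  "alternativeNames": [], "keyCredentials": [],
  "passwordCredentials": [{"endDateTime": "2026-11-01T00:00:00Z"}]},
 {"displayName": "deploy-tool", "servicePrincipalType": "Application",
  "alternativeNames": [], "passwordCredentials": [],
  "keyCredentials": [{"endDateTime": "2025-03-01T00:00:00Z"}]},
 {"displayName": "vm-web01", "servicePrincipalType": "ManagedIdentity",
  "alternativeNames": ["isExplicit=False",
   "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-web01"],
  "passwordCredentials": [], "keyCredentials": []}
]""")
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed review date

def expired(cred, now):
    """True when the credential's endDateTime lies before the review date."""
    return datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00")) < now

def classify(sp, now=NOW):
    """Summarise identity kind, credential type and follow-up for one record."""
    name = sp["displayName"]
    if sp["servicePrincipalType"] == "ManagedIdentity":
        names = sp.get("alternativeNames", [])
        # Assumption: "isExplicit=False" marks a system-assigned identity.
        system = "isExplicit=False" in names
        res = next((n for n in names if n.startswith("/subscriptions/")), "unknown")
        return {"name": name,
                "kind": ("system" if system else "user") + "-assigned managed identity",
                "auth": "platform-managed",
                "action": ("none; removed with " + res.rsplit("/", 1)[-1]) if system
                          else "delete explicitly when unused"}
    creds = ([("password", c) for c in sp.get("passwordCredentials", [])] +
             [("certificate", c) for c in sp.get("keyCredentials", [])])
    auth = ",".join(sorted({k for k, _ in creds})) or "none"
    stale = sorted({k for k, c in creds if expired(c, now)})
    action = ("remove expired " + ",".join(stale) if stale
              else "rotate before expiry; delete explicitly when unused")
    return {"name": name, "kind": "application", "auth": auth, "action": action}

if __name__ == "__main__":
    for sp in SAMPLE:
        print(classify(sp))
```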
