question

0 Votes
KanwaljeetSachdev-4009 asked alfredorevilla-msft commented

Automating the creation of service principal in Azure in a customer account



Here is a scenario. I have a SaaS product that needs to make API calls to a customer's Azure cloud account. I understand a service principal can be created on the customer's AZ account, and if I have the credentials (app ID, password, etc.), I can make calls using that user/principal based on the permissions to that principal. One way is that the customer creates it for my product, then comes to my product portal (web UI) and punches in this information, which my SaaS product can then store securely in a vault and use.

Is there a better way to achieve the creation of the principal? For example, via an application manifest or something, and then also be able to get an Event Grid notification or something with the app/principal's creds to a webhook URL endpoint?

Basically, I want this to be as automated as possible but cannot think of a way if it is even possible.

azure-active-directory azure-ad-app-registration

1 Answer

0 Votes
alfredorevilla-msft answered alfredorevilla-msft commented

You can create a multi-tenant application that will be used as a template for the customers' SPs and use the New-AzureADServicePrincipal cmdlet or the MS Graph Create servicePrincipal operation to provision one in each customer tenant.



@kanwaljeetsachdev-4009 please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.


0 Votes 0 ·
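
The provisioning step described in the answer, as an added example that is not part of the original thread: a script a customer-tenant administrator could run to create the service principal for the vendor's multi-tenant application, idempotently. The parameter names and the script itself are assumptions; the cmdlets come from the AzureAD module the answer names.

```powershell
# Added example, not from the original thread.
# Run by an administrator of the CUSTOMER tenant. Both GUIDs are supplied
# by the caller; nothing here is a real tenant or application id.
param(
    # The customer's Azure AD tenant id.
    [Parameter(Mandatory)] [guid] $CustomerTenantId,
    # appId (client id) of the vendor's multi-tenant app registration.
    [Parameter(Mandatory)] [guid] $SaasAppId
)

Import-Module AzureAD -ErrorAction Stop

# Interactive sign-in scoped to the customer tenant.
Connect-AzureAD -TenantId $CustomerTenantId.ToString() | Out-Null

$appId = $SaasAppId.ToString()

# Idempotency check: a tenant holds at most one service principal per appId,
# so look for an existing one before creating.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$appId'"

if (-not $sp) {
    # Equivalent Microsoft Graph call:
    #   POST https://graph.microsoft.com/v1.0/servicePrincipals
    #   { "appId": "<appId>" }
    $sp = New-AzureADServicePrincipal -AppId $appId
    $status = 'created'
} else {
    $status = 'already present'
}

# No secret is created or exchanged here. The application authenticates with
# the credentials held on the vendor's own app registration; the customer
# only needs to report the tenant id and can review this object at any time.
[pscustomobject]@{
    Status      = $status
    TenantId    = $CustomerTenantId.ToString()
    AppId       = $sp.AppId
    ObjectId    = $sp.ObjectId
    DisplayName = $sp.DisplayName
}
```

The new principal has no access to Azure resources until the customer assigns it a role, so the permissions granted remain under the customer's control.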