Enterprise Application not owned by dev-user?

Sri Bolisetty 1 Reputation point


I can create an Enterprise Application in Azure using Terraform and all is good. The application is owned by me, as a user and wondering what is the best practice to build this. I can assign multiple users to the owner pool, but ideally this application should be built using Service Account of some nature that is not tied to a user or two. Was thinking Service Principal may be the answer, but reading through the docs SP doesn't look like the right way.

What is the correct way to build Enterprise Applications so they are not owned by a user alone?


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,668 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Sri Bolisetty 1 Reputation point

    After more reading on Azure AD enterprise applications, I notice that even if the current team is long gone - an Administrator can assign a new user to the roll and let the application be managed.

    I am in an environment where code is the infrastructure and we are using Terraform for deploying these applications. Currently I am having to assign "owners" to the application and building and deploying it. Ideally I am hoping, a service account or some other system resource can bulid these long-running applications. Didn't find anyway and having to add all the current devops members as owners seem to be the only way. Would like to hear if anyone else figured out a better way that I totally missed. Thanks in advance.

  2. Carolyne-MSFT 1 Reputation point Microsoft Employee

    You can add a Service Principal to manage an Enterprise application, please refer to a similar post here where a service principal is granted Application Administrator role which allows creation and managing all aspects of enterprise applications, application registrations, and application proxy settings.
    This documentation guides on how to assign AD roles at different scopes.

    0 comments No comments