Why can one create a service principal without first creating the application object?

Shen 1 Reputation point

According to the official documentation:

An Azure AD application is defined by its one and only application object.

A service principal is a concrete instance created from the application object and inherits certain properties from that application object

But how can one create a service principal without creating the application object first!!!! Azure documentation is very confusing!



1 answer

  1. JimmySalian-2011 41,916 Reputation points


    As per Microsoft documentation, the SP is created along with the Application when you deploy it: "when you register/update an application in the Azure portal, the portal creates/updates both an application object and a corresponding service principal object for that tenant. The application object defines the application's identity configuration globally (across all tenants where the associated application has been granted access), and is the template from which its corresponding service principal object(s) are derived for use locally at run-time (in a specific tenant)."

    So basically it all comes down to the requirements and the application object is the global representation of your application for use across all tenants, and the service principal is the local representation for use in a specific tenant.

    So you don't create a specific SPN but application objects, and that in turn creates the base application + SPN. Please see this flow chart.


    Also you can test the App registration process for quick start - quickstart-register-app


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

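The global/local split described in the answer can be checked against a tenant inventory. The following is an added example, not part of the original answer or of Microsoft's documentation: it joins service principals to application objects on `appId` and labels each service principal by where its application object lives. It assumes exports shaped like Microsoft Graph `applications` and `servicePrincipals` listings; the function names, labels, tenant IDs, GUIDs and display names are all constructed for illustration.

```python
# Constructed sample data shaped like Microsoft Graph /applications and
# /servicePrincipals listings. Every GUID and name below is made up.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

APPLICATIONS = [  # application objects registered in the home tenant
    {"appId": "c0000000-0000-0000-0000-000000000001", "displayName": "payroll-api"},
    {"appId": "c0000000-0000-0000-0000-000000000002", "displayName": "registered-only"},
]

SERVICE_PRINCIPALS = [  # service principals present in the home tenant
    {"appId": "c0000000-0000-0000-0000-000000000001", "displayName": "payroll-api",
     "appOwnerOrganizationId": HOME_TENANT},
    {"appId": "c0000000-0000-0000-0000-000000000003", "displayName": "vendor-saas",
     "appOwnerOrganizationId": OTHER_TENANT},
    {"appId": "c0000000-0000-0000-0000-000000000004", "displayName": "unknown-tool",
     "appOwnerOrganizationId": HOME_TENANT},
]


def classify(applications, service_principals, home_tenant):
    """Label each service principal by the location of its application object."""
    local_app_ids = {app["appId"] for app in applications}
    labels = {}
    for sp in service_principals:
        if sp["appId"] in local_app_ids:
            # Application object and service principal are both in this tenant.
            labels[sp["displayName"]] = "local-app"
        elif sp.get("appOwnerOrganizationId") != home_tenant:
            # Application object is in another tenant; only the local
            # representation (the service principal) exists here.
            labels[sp["displayName"]] = "foreign-app"
        else:
            # Owned by this tenant but absent from the export: review manually.
            labels[sp["displayName"]] = "unmatched"
    return labels


def apps_without_sp(applications, service_principals):
    """Application objects that have no service principal in this tenant."""
    sp_app_ids = {sp["appId"] for sp in service_principals}
    return [a["displayName"] for a in applications if a["appId"] not in sp_app_ids]


if __name__ == "__main__":
    for name, label in classify(APPLICATIONS, SERVICE_PRINCIPALS, HOME_TENANT).items():
        print(f"{label:12} {name}")
    print("no service principal:", apps_without_sp(APPLICATIONS, SERVICE_PRINCIPALS))
```

Service principals labelled `foreign-app` are the ones whose permissions and owners deserve review first, since their application object is controlled outside the tenant.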