Create a service principal for use with Microsoft Purview

  • Article

You can create a new or use an existing service principal in your Microsoft Entra tenant to use to authenticate Microsoft Purview with other services. This article explains how to prepare a service principal for Microsoft Purview to use to authenticate with other services.

App registration

  1. Follow the steps in this linked article section to create a service principal: Register an application with Microsoft Entra ID and create a service principal.

    Tip

    For the Redirect URL, if you have an authentication endpoint for your organization you want to use, add it there. Otherwise https://example.com/auth will do.

  2. Once you've registered the app, copy the Application (client) ID value. We'll use this later to create a credential in Microsoft Purview.

    Screenshot that shows the newly created application.

Adding a secret to the client credentials

  1. Follow the steps in this linked article section to create a new client secret: Create a new client secret.

  2. Copy the Secret value. We'll use this later to create a secret in Azure Key Vault.

    Screenshot that shows the client secret.

Adding the secret to your Azure Key Vault

To allow Microsoft Purview to use this service principal to authenticate with other services, you'll need to store this credential in Azure Key Vault.

  1. Navigate to your Key vault.

    Screenshot that shows the Key vault.

  2. Select Settings --> Secrets --> + Generate/Import

    Screenshot that options in the Key vault.

  3. Enter the Name of your choice, and save it to create a credential in Microsoft Purview.

  4. Enter the Value as the Secret value from your Service Principal.

    Screenshot that shows the Key vault to create a secret.

  5. Select Create to complete.

Create a credential for your secret in Microsoft Purview

To enable Microsoft Purview to use this service principal to authenticate with other services, you'll need to follow these three steps.

  1. Connect your Azure Key Vault to Microsoft Purview
  2. Grant your service principal authentication on your source. Every source is different, so select your specific source page from the list of supported sources and follow instructions to assign permissions.
  3. Create a new credential in Microsoft Purview - You'll use the service principal's application (client) ID and the name of the secret you created in your Azure Key Vault.