New-AzureADServicePrincipal

Creates a service principal.

Syntax

New-AzureADServicePrincipal
   [-AccountEnabled <String>]
   [-AlternativeNames <System.Collections.Generic.List`1[System.String]>]
   -AppId <String>
   [-AppRoleAssignmentRequired <Boolean>]
   [-DisplayName <String>]
   [-ErrorUrl <String>]
   [-Homepage <String>]
   [-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]>]
   [-LogoutUrl <String>]
   [-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]>]
   [-PublisherName <String>]
   [-ReplyUrls <System.Collections.Generic.List`1[System.String]>]
   [-SamlMetadataUrl <String>]
   [-ServicePrincipalNames <System.Collections.Generic.List`1[System.String]>]
   [-ServicePrincipalType <String>]
   [-Tags <System.Collections.Generic.List`1[System.String]>]
   [<CommonParameters>]

Examples

Example 1: Create a service principal

PS C:\>New-AzureADServicePrincipal -AccountEnabled $true -AppId $MyApp.AppId -AppRoleAssignmentRequired $true -DisplayName $App -Tags {WindowsAzureActiveDirectoryIntegratedApp}

This command creates a service principal. The tag "-Tags {WindowsAzureActiveDirectoryIntegratedApp}" is used to have this service principal show up in the list of Integrated Applications in the Admin Portal.

Parameters

-AccountEnabled

true if the service principal account is enabled; otherwise, false.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AlternativeNames

The alternative names for this service principal

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppId

The unique identifier for the associated application (its appId property).

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AppRoleAssignmentRequired

Indicates whether an application role assignment is required.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Specifies the display name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ErrorUrl

Specifies the error URL.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Homepage

Specifies the home page.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyCredentials

The collection of key credentials associated with the service principal.

Type:List<T>[Microsoft.Open.AzureAD.Model.KeyCredential]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LogoutUrl

Specifies the logout URL.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordCredentials

Specifies password credentials.

Type:List<T>[Microsoft.Open.AzureAD.Model.PasswordCredential]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublisherName

Specifies the publisher name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ReplyUrls

The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SamlMetadataUrl

The URL for the SAML metadata

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServicePrincipalNames

Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal. A client will use these to:

  • populate requiredResourceAccess, via "Permissions to other applications" in the Azure classic portal. - specify a resource URI to acquire an access token, which is the URI returned in the claim.
Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServicePrincipalType

THe type of the service principal

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Tags

Tags linked to this service principal.

Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Notes

See the migration guide for New-AzureADServicePrincipal to the Microsoft Graph PowerShell.