Creating a service principal for use with Microsoft Purview

You can create a new service principal, or use an existing one, in your Microsoft Entra tenant to authenticate with other services.

App registration

  1. Navigate to the Azure portal.

  2. Select Microsoft Entra ID from the left-hand side menu.

    Screenshot that shows the link to the Microsoft Entra ID.

  3. Select App registrations and + New registration.

    Screenshot that shows the link to New registration.

  4. Enter a name for the application (the service principal name).

  5. Select Accounts in this organizational directory only.

  6. For Redirect URI, select Web and enter any URL you want. If your organization has an authentication endpoint you want to use, enter it here. Otherwise, https://example.com/auth will do.

  7. Then select Register.

    Screenshot that shows the details for the new app registration.

  8. Copy the Application (client) ID value. We'll use this later to create a credential in Microsoft Purview.

    Screenshot that shows the newly created application.

Adding a secret to the client credentials

  1. Select the app from the App registrations.

    Screenshot that shows the app for registration.

  2. Select Add a certificate or secret.

    Screenshot that shows the app.

  3. Select + New client secret under Client secrets.

    Screenshot that shows the client secret menu.

  4. Provide a Description and set the Expires value for the secret.

    Screenshot that shows the client secret details.

  5. Copy the Secret value. We'll use this later to create a secret in Azure Key Vault.

    Screenshot that shows the client secret.

Adding the secret to your Azure Key Vault

To allow Microsoft Purview to use this service principal to authenticate with other services, you'll need to store this credential in Azure Key Vault.

  1. Navigate to your Key vault.

    Screenshot that shows the Key vault.

  2. Select Settings --> Secrets --> + Generate/Import

    Screenshot that shows the options in the Key vault.

  3. Enter a Name of your choice, and make a note of it. You'll use it later to create a credential in Microsoft Purview.

  4. For Value, enter the Secret value from your service principal.

    Screenshot that shows the Key vault to create a secret.

  5. Select Create to complete.
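
The three portal procedures above (app registration, client secret, Key Vault secret) can also be scripted with the Azure CLI. The script below is an added example, not part of the original article. The function names, the argument order and the credential description purview-scan are assumptions. It passes the secret to Key Vault through a temporary file so the value never appears on a command line.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps on this page.
# Usage (names are placeholders): ./sp.sh APP_NAME VAULT_NAME SECRET_NAME YYYY-MM-DD
set -e

# App registration steps 4-8: single-tenant app with a Web redirect URI.
# Prints the Application (client) ID.
register_app() {  # $1 = display name, $2 = redirect URI
  app_id=$(az ad app create --display-name "${1:?display name}" \
    --sign-in-audience AzureADMyOrg --web-redirect-uris "${2:?redirect URI}" \
    --query appId -o tsv)
  # The portal creates the service principal for you; the CLI needs this extra call.
  az ad sp create --id "$app_id" >/dev/null
  printf '%s\n' "$app_id"
}

# Client secret + Key Vault steps: create a secret with an explicit expiry and
# store it in the vault with the same expiry. Prints the Key Vault secret ID.
store_secret() {  # $1 = vault, $2 = secret name, $3 = client ID, $4 = expiry YYYY-MM-DD
  tmp=$(mktemp)                # created with mode 0600
  trap 'rm -f "$tmp"' EXIT     # remove the file even if a later command fails
  # --append adds a secret without revoking ones already on the app.
  secret=$(az ad app credential reset --id "${3:?client ID}" --append \
    --display-name purview-scan --end-date "${4:?expiry date}" \
    --query password -o tsv)
  printf '%s' "$secret" >"$tmp"   # no trailing newline in the stored value
  unset secret
  az keyvault secret set --vault-name "${1:?vault}" --name "${2:?secret name}" \
    --file "$tmp" --expires "${4}T00:00:00Z" --query id -o tsv
  rm -f "$tmp"
}

if [ "$#" -eq 4 ]; then
  client_id=$(register_app "$1" "https://example.com/auth")
  store_secret "$2" "$3" "$client_id" "$4"
  echo "Application (client) ID: $client_id"
fi
```

The script prints only the client ID and the Key Vault secret ID; the secret value itself is never echoed.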

Create a credential for your secret in Microsoft Purview

To enable Microsoft Purview to use this service principal to authenticate with other services, you'll need to follow these three steps.

  1. Connect your Azure Key Vault to Microsoft Purview
  2. Grant your service principal authentication on your source - Follow instructions on each source page to grant appropriate authentication.
  3. Create a new credential in Microsoft Purview - You'll use the service principal's application (client) ID and the name of the secret you created in your Azure Key Vault.