Azurecloud~30 mins

Service principals for applications in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Service principals for applications

📖 Scenario: You are setting up an application in Azure that needs to access resources securely. To do this, you will create a service principal, which acts like a user identity for your app. This allows your app to authenticate and get permissions without using your personal account.

🎯 Goal: Create a service principal for an application in Azure using Azure CLI commands step-by-step. You will first define the application, then configure the service principal, assign a role, and finally verify the setup.

📋 What You'll Learn

Use Azure CLI commands to create and manage service principals

Assign the Contributor role to the service principal

Verify the service principal creation and role assignment

💡 Why This Matters

🌍 Real World

Service principals are used in real-world cloud applications to allow apps to authenticate securely and access resources without user interaction.

💼 Career

Understanding service principals is essential for cloud engineers and developers managing Azure resources and automating deployments securely.

Progress0 / 4 steps

Create an Azure AD application

Use the Azure CLI command az ad app create to create an application with the display name MyApp. Assign the output to a variable called app.

Azure

# Use az ad app create to create an app named MyApp
# Your code here

Need a hint?

Use az ad app create --display-name MyApp and assign it to app.

Create a service principal for the application

Create a service principal using the application ID from app. Use the Azure CLI command az ad sp create --id with the application ID extracted from app. Assign the output to a variable called sp.

Azure

app=$(az ad app create --display-name MyApp)
# Create a service principal using the app ID
# Your code here

Need a hint?

Extract the appId from app using jq and pass it to az ad sp create --id.

Assign Contributor role to the service principal

Assign the Contributor role to the service principal using az role assignment create. Use the service principal's object ID from sp and assign the role at the subscription scope /subscriptions/00000000-0000-0000-0000-000000000000.

Azure

app=$(az ad app create --display-name MyApp)
sp=$(az ad sp create --id $(echo $app | jq -r '.appId'))
# Assign Contributor role to the service principal
# Your code here

Need a hint?

Use az role assignment create with --assignee set to the service principal's object ID and --role Contributor.

Verify the service principal and role assignment

Verify the service principal exists by listing it with az ad sp show using the app ID from app. Also verify the role assignment with az role assignment list filtering by the service principal's object ID.

Azure

app=$(az ad app create --display-name MyApp)
sp=$(az ad sp create --id $(echo $app | jq -r '.appId'))
az role assignment create --assignee $(echo $sp | jq -r '.objectId') --role Contributor --scope /subscriptions/00000000-0000-0000-0000-000000000000
# Verify the service principal and role assignment
# Your code here

Need a hint?

Use az ad sp show --id with the app ID and az role assignment list --assignee with the service principal's object ID.