In my last post, I explained the importance of Azure Service Principals and Azure Resource Manager. In this post I will walk you through creating an Azure service principal (app registration) step by step using the Azure portal user interface. I would recommend creating service principals via Azure CLI/PowerShell commands, but my intention here is to explain the process through the user interface provided by Microsoft Azure, so that new developers are not surprised by what is happening behind the commands.
Prerequisites:
1. An Azure account with a subscription
2. Your role should be Administrator
Before starting the hands-on part, I'd recommend that you follow Azure naming conventions. I'm currently in the process of writing a separate post on Azure resource naming conventions, so be patient. For now, I'd advise you to go through the Azure naming conventions defined by Microsoft.
In this post I'm following the naming conventions below for Azure resource creation.
| Azure Resource | Naming Convention | Example |
|---|---|---|
| Azure Resource Manager | rg-<application name>-<environment>-<short location> | rg-csharpdocs-d-eas |
| Service Principal | sp-<application name>-<environment>-<short location> | sp-csharpdocs-d-eas |
| Service Principal Secret | rbac-sp-<application name>-<environment>-<short location> | rbac-sp-csharpdocs-d-eas |
Before starting this exercise, I'd recommend that you create a notepad with the details below
1. Navigate to https://portal.azure.com
2. Sign in with your credentials
3. Create Azure resource group
- Go to Resource groups
- Enter your Azure subscription, resource group name and region.
- It is optional but always recommended to tag your Azure resources with environment- and product-specific tags
- Review and Create
- Your Azure resource group is ready to use
4. Register an application (create a service principal) with Azure Active Directory
- Go to Azure Active Directory. This is your organization's Active Directory page
- You will land on Default Directory | Overview of Azure Active Directory
- Note the Tenant ID of your organization. Also verify that you have the administrator role.
- Search for App registrations and click the New registration link
- Enter the appropriate values shown in the screenshot below and click the Register button
- The application is now registered in Azure Active Directory
- Note the Application (client) ID and Directory (tenant) ID in the notepad table you created
5. Create a secret for the application (service principal)
- Navigate to the Certificates & secrets link in the left menu bar
- Click New client secret and add a secret with an expiry time
- The service principal secret is generated. Note the secret value: it will never appear again. By default the service principal has the Contributor role, and only an administrator can apply a policy to the service principal
6. Done! You have successfully created a service principal for your application.
7. Additional permissions – if you want to allow this service principal to invoke the Azure Service Management, Azure Storage or Azure DevOps REST APIs programmatically, follow the steps below
- Navigate to API permissions in the left menu and, in the Configured permissions section, add the permissions one by one
- Select Add a permission and select Azure Service Management
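As an added example (not part of the original post), the script below shows what the portal clicks in steps 3 to 5 amount to in Azure CLI terms, using the rg-/sp-/rbac-sp- naming convention from the table above. It assumes the az CLI is installed and logged in unless DRY_RUN=1 is set, and the Key Vault name it stores the secret in is an assumed, pre-existing vault.

```shell
#!/bin/sh
# Added example, not from the original post: the Azure CLI calls behind the
# portal clicks above, using the post's rg-/sp-/rbac-sp- naming convention.
# Assumes "az" is installed and logged in unless DRY_RUN=1, which only prints
# the commands. The Key Vault name is an assumed, pre-existing vault.
set -e

rg_name()     { printf 'rg-%s-%s-%s' "$1" "$2" "$3"; }
sp_name()     { printf 'sp-%s-%s-%s' "$1" "$2" "$3"; }
secret_name() { printf 'rbac-sp-%s-%s-%s' "$1" "$2" "$3"; }

# Enforce the convention: known prefix, lowercase app, environment, location.
valid_name() {
  printf '%s' "$1" | grep -Eq '^(rg|sp|rbac-sp)-[a-z0-9]+-[a-z0-9]+-[a-z]+$'
}

# Execute a command, or with DRY_RUN=1 log it to stderr instead.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "DRY-RUN: $*" >&2; return 0; fi
  "$@"
}

# provision <app> <env> <short-loc> <region> <subscription-id> <key-vault>
provision() {
  app=$1 env=$2 loc=$3 region=$4 sub_id=$5 vault=$6
  rg=$(rg_name "$app" "$env" "$loc")
  sp=$(sp_name "$app" "$env" "$loc")
  secret=$(secret_name "$app" "$env" "$loc")
  for n in "$rg" "$sp" "$secret"; do
    valid_name "$n" || { echo "name violates convention: $n" >&2; return 1; }
  done
  # Step 3: the resource group, tagged as the post recommends.
  run az group create --name "$rg" --location "$region" \
    --tags "environment=$env" "product=$app" --output none
  # Steps 4 and 5 in one call: app registration, service principal and client
  # secret. The role is assigned on the new resource group only, not the whole
  # subscription, and the secret is returned exactly once, as in the portal.
  creds=$(run az ad sp create-for-rbac --name "$sp" --role Contributor \
    --scopes "/subscriptions/$sub_id/resourceGroups/$rg" \
    --query '[appId,tenant,password]' --output tsv)
  [ "${DRY_RUN:-0}" = 1 ] && creds="APPID_PLACEHOLDER TENANT_PLACEHOLDER PW_PLACEHOLDER"
  set -- $creds
  client_id=$1 tenant_id=$2 password=$3
  # Store the secret in Key Vault under its rbac-sp- name rather than a notepad.
  run az keyvault secret set --vault-name "$vault" --name "$secret" \
    --value "$password" --output none
  printf 'clientId=%s tenantId=%s secret=%s/%s\n' "$client_id" "$tenant_id" "$vault" "$secret"
}
```

Run it as `DRY_RUN=1 sh provision.sh` first to review the commands before they touch the subscription; the client ID and tenant ID it prints are the values the post asks you to note, while the secret itself goes only to Key Vault.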
Now we are ready to start creating Azure resources such as virtual machines, deploying applications to App Service, containers and so on. In my next post I will show you how to create an Azure Resource Manager service connection in Azure DevOps so that you can deploy your application(s) or provision Azure infrastructure using Azure Pipelines.
One question may come to your mind: can I enable a service principal to work with multiple Azure subscriptions? The answer is YES. (However, I would not recommend doing this, as it makes things more complex. I like KISS [Keep It Simple, Silly].) In order to do that, you can perform the steps below