DEV Community

Srinivasulu Paranduru
Srinivasulu Paranduru

Posted on • Updated on

Azure Service Principal creation step by step approach

Step by step approach in creating in Azure Service Principal(SCP)

  1. Open the Azure portal and sign in with your Azure account.
  2. Then search for "Microsoft Entra ID" and then select “App registrations” from the submenu.
  3. Click on the “New registration” button to create a new app registration.
  4. Enter a name for your app registration and select the supported account types. For example, you can choose “Single tenant” if you only want to allow users from your own organization to access the app.
  5. Click on the “Register” button to create the app registration. Once the app registration is created, click on the “Certificates & secrets” option in the left menu and then select the “New client secret” option.
  6. Enter a description and expiration date for the client secret, and then click on the “Add” button to create it.
  7. Make sure to copy the client secret value somewhere safe, as it will only be shown once and cannot be retrieved later.
  8. Finally, go to the resource group you want the service principal to access. When you are there, click on “Access Control (IAM)” and then click on “Add>Add role assignment”. 9.Click on the role you want to assign (i.e. Contributor). Then go to member, select assign access to “User, group, or service principal”, and then “Select member”. 10.Type the name of the service principal and then select it. Afterward, click on “Review + assign”.

Step 1: Open the Azure portal and sign in with your Azure account.
Then search for "Microsoft Entra ID" and then select “App registrations” from the submenu.

Step 2 :

Image description

Step 3:

Image description

Image description

Step4:
Click on Certificates & Secrets in the left hand menu and then click on New Client Secret

Image description

Step5: Enter description, select expiry then click on Add

Image description

Image description

Make sure to copy the secret value and it wont be shown once again.

Step6 : Select the resource group

Image description

Step7: Click on IAM -> Click on Add

Image description

Step8:Click on the role you want to assign (i.e. Contributor).

Image description

Step9:Then go to member, select assign access to “User, group, or service principal”, and then “Select member” .Type the name of the service principal "learnazurewithsrini" and then select it. Afterward, click on “Review + assign”.

Image description

We need following details for azure + terraform authentication

1.subscription_id = ""
2.tenant_id = ""
3.client_id = ""
4.client_secret = ""

Image description

Terraform Example :
Step1 : Create a file provider.tf and copy the below code

Terraform sample code:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
}

provider "azurerm" {
  features {}

  subscription_id   = "<azure_subscription_id>"
  tenant_id         = "<azure_subscription_tenant_id>"
  client_id         =  "<service_principal_appid>"
  client_secret     = "<service_principal_password>"
}


Enter fullscreen mode Exit fullscreen mode

Step2:create a file main.tf and copy the below mentioned code


resource "azurerm_resource_group" "az400-training" {
  location = var.resource_group_location
  name     = "az-400-training"
}

Enter fullscreen mode Exit fullscreen mode

Step3:create a file,output.tf and copy the below mentioned code

output "resource_group_name" {
  value = azurerm_resource_group.az400-training.name
}
Enter fullscreen mode Exit fullscreen mode

Step4:Run the terraform commands

terraform init

terraform plan

terraform apply --auto-approve

Image description

Conclusion : Discussed about creating Service principle in Azure and used SCP to authenticate the azure and provision azure resources.

💬 If you enjoyed reading this blog post and found it informative, please take a moment to share your thoughts by leaving a review and liking it 😀 and follow me in dev.to , linkedin and buy me a coffee

Top comments (2)

Collapse
 
ayan8000 profile image
Ayanabha

Great one this is

Collapse
 
srinivasuluparanduru profile image
Srinivasulu Paranduru

thanks Ayan