Creating a Custom AzureAD Service Principal App
Authenticating with an Azure Service Principal requires a custom AzureAD application and a service principal that can access the necessary resources.
Steps to Create an AzureAD SP App
Follow the steps below to create a custom AzureAD application and obtain the connection properties for the Azure Service Principal authentication.
- Log in to https://portal.azure.com.
- In the left-hand navigation pane, select Azure Active Directory > App Registrations and click New registration.
- Enter an application name and select Any Azure AD Directory - Multi Tenant. Then set the redirect URL to http://localhost:33333, the cmdlet's default, or a URL of your choosing.
- After creating the app, copy the Application (client) Id value displayed in the "Overview" section, since this value is used as the OAuthClientId.
- Define the application authentication type by navigating to the "Certificates & Secrets" section. There are two types of authentication available: client secret and certificate. The recommended authentication method is via a certificate.
  - Option 1 - Upload a certificate: In "Certificates & Secrets", select Upload certificate and choose the certificate file to upload from your local machine.
  - Option 2 - Create a new application secret: In "Certificates & Secrets", select New Client Secret for the application and specify its duration. After saving the client secret, the key value is displayed. Copy this value since it is displayed only once. You will use it as the OAuthClientSecret.
- On the Authentication tab, make sure to select the option Access tokens (used for implicit flows).
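The same registration can be scripted instead of clicked through. The following is an added example, not code from the original page or from the cmdlet's vendor; it assumes the Az.Resources module and the Windows PKI module are installed, and the application name, certificate subject and file paths are placeholders.

```powershell
# Added example: scripted equivalent of the portal steps above, following the
# recommended certificate option. Requires Az.Resources (Connect-AzAccount,
# New-AzADApplication, New-AzADAppCredential, New-AzADServicePrincipal) and the
# Windows PKI module (New-SelfSignedCertificate). Names and paths are placeholders.
$AppName     = 'MyCmdletSpApp'            # assumed display name
$RedirectUrl = 'http://localhost:33333'   # the cmdlet's default from the steps above
$CertPath    = "$env:TEMP\$AppName.cer"   # public certificate exported for upload

Connect-AzAccount | Out-Null

# Option 1 (recommended): self-signed certificate in the current user's store.
# Only the public half is registered with the app; the private key is marked
# non-exportable so it never leaves this machine.
$cert = New-SelfSignedCertificate -Subject "CN=$AppName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)
Export-Certificate -Cert $cert -FilePath $CertPath | Out-Null
$certValue = [Convert]::ToBase64String($cert.RawData)

# "Any Azure AD Directory - Multi Tenant" corresponds to the AzureADMultipleOrgs audience.
$app = New-AzADApplication -DisplayName $AppName `
    -SignInAudience 'AzureADMultipleOrgs' `
    -ReplyUrls $RedirectUrl

# Attach the certificate as a key credential, limited to the certificate's own validity window.
New-AzADAppCredential -ApplicationId $app.AppId -CertValue $certValue `
    -StartDate $cert.NotBefore -EndDate $cert.NotAfter | Out-Null

# The service principal is the identity that is actually granted access to resources.
$sp = New-AzADServicePrincipal -ApplicationId $app.AppId

# Option 2 (client secret) would instead call New-AzADAppCredential with -ApplicationId
# and an -EndDate but no -CertValue; the returned SecretText is the OAuthClientSecret and
# is shown only once. The "Access tokens" toggle on the Authentication tab (last step
# above) is still set in the portal.

[pscustomobject]@{
    OAuthClientId          = $app.AppId           # Application (client) Id from the Overview section
    ServicePrincipalObject = $sp.Id
    CertificateThumbprint  = $cert.Thumbprint     # pair with OAuthClientId when authenticating
    TenantId               = (Get-AzContext).Tenant.Id
}
```

The exported .cer file is what you would upload under Option 1 if the credential is added through the portal rather than with New-AzADAppCredential.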