This article about easy it to make an Azure Active Directory (Azure AD) application with enabling the service principal that will be used with the role-based access control.

Currently, technology people work in the Azure cloud, and that we attempt to keep our secrets secret. To accomplish that, we use Azure Key Vault, which allows access to the internals only to pre-defined Azure Active Directory identities. Things sound very simple:

·         Need to associate your piece of code with Azure Active Directory Identity

·         Setup Key Vault to permit this Identity to access secrets.

·         Done

 Azure Active Directory (Azure AD) application:

Microsoft offers a strong identity platform but needs to have to do authentication and authorization applications got to be registered. Thither end, within Azure Active Directory (AD), will find out the App registration option that gives to make the registrations for new applications and assign permissions also accordingly. Need to establish connectivity between the application and platform.

You can control:

Supported Account Types – used by users during a given organizational directory or personal Microsoft accounts to be used also.

Redirect Settings – the app must have the access token returned to a selected URI to process subsequent steps of authentication and authorization.

Certificates and Secrets – need to verify the application connecting to the Azure platform can try too so.


Application registration

Application registration may be a process of adding a replacement non-human Identity to AD. It results in the creation of two objects in an Azure AD tenant:

·         An application object.

·         A service principal object

One and Only the application object is equal in the Azure AD Application is clear. The thing resides within the Azure AD tenant, where the appliance was registered, referred to as the application’s “home” tenant.

Service principal:

The Service principal: made each tenant for the application (used globally particular app). The service principal object defines what the app can neutralize the precise tenant, who can access the app.

Assigned only enough access to as little as a selected single Azure resource into Azure service principal. Ex:  Role-based access to a whole subscription when creating an Azure service principal or Azure virtual machine only one.

You can be able to access resources that are secured by an Azure AD tenant (for ex, components >> Azure Subscription), and the entity must be represented by a security principal, which Azure names Service Principal.

Application ID and App. reg Name are associated with Service Principal. 

Azure AD permissions

Login to your Azure portal with your account.

Select and open Azure Active Directory.

Note your role, if don't have a user role, you cannot be able to connect App registration. So, need to create a user role setting.

Before creating the App, need to verify the Azure subscription permissions.

Azure subscription permissions

Search and select Azure subscription and open the homepage.

Select the subscription for you want to need to create the service principal. 

After that, Select the My permissions option. Then Select and open the "Click here to view complete access details for this subscription." Option.

After that, Select View in the Role assignments >> View assigned roles >> to assign the role to the AD app. Add to User Access Administrator role.

Then, the user assigned the owner role.

Create Azure AD with an application and create Service Principal (SP)

Select and Open Azure Active Directory.

Select and open the App registrations option.

Select and open New registration. 

After that, Enter >> application Name.

Then, Select >> supported account types.

Next, Under Redirect URI >> select Web for the type of application >> want to create.

And Enter the URL (Where the access token is sent)

Then, after the entered value >> Click the Register option.

        “Finally, successfully created Azure AD application and service principal.”

Assign a role to the application (Access control (IAM))

Select Azure subscription and open the homepage.

 Select the particular subscription.

Select Access Control (IAM)

Select >> Add role assignment.

Then, Select the role you wish to assign to access the application.

And Select >> created Application.

After that, Click the Save option.

You can be able to see the result. (Contributor)

Signing in >> Tenant and app ID values

 Select Azure Active Directory.

Select and Open >> App registrations >> Select you created an Application.

After, open the application >> Copy the Directory (tenant) ID and store it in your application code.

 And, Copy >> Application ID and store it in your application code. (It will help to connect the other platform service.)

Authentication (Two options)

Op.1 >> Upload a certificate.

You can apply >> create a self-signed certificate or use an existing certificate.

After that, export the certificate.

Open Run from the Start menu >> enter certmgr.msc

Select under the Personal directory.

And Select >> created Certificate >> Right-click >> select all task >> Export.

Do not need to export the private key >> export to .CER file.

Exported certificate.

Upload the certificate >>

Select Azure Active Directory.

Select and Open >> App registrations >> Select you created an Application.

Select and open >> Certificates & secrets.

Then, select >> Upload certificate >> select the certificate (exported.)

After that, view the upload certificate.

Op.2 >> Create (New) Application Secret

Select Azure Active Directory.

Select and Open >> App registrations >> Select you created an Application.

Select and open >> Certificates & secrets.

Then, Select Client secrets >> New client secret

Enter >> details (Secret) and >> add duration >> Click Add.

After that, you can see the Client's secrets details.

Summary: During this article, How to create Azure AD application with a Service Principal in the Azure Environment in my next article, I will cover the next step of this series (How to connect another platform).