Prerequisites
To sign in with a service principal, you need
- Azure CLI
- A service principal for your authentication.
Azure CLI
Azure CLI, or Azure Command-Line Interface, is a set of command-line tools provided by Microsoft Azure for managing and interacting with Azure resources. It allows users to perform various tasks such as deploying and managing virtual machines, creating and configuring Azure services, and automating common tasks in the Azure cloud environment through a command-line interface. Azure CLI is cross-platform, supporting Windows, macOS, and Linux, making it a versatile tool for developers and administrators working with Azure resources.
To install Azure CLI
- Click the link
- Follow the provided instructions.
What is a Service Principal in Azure?
Service principals are accounts not tied to any particular user, which can have permissions on them assigned through predefined roles. Authenticating with a service principal is the best way to write secure scripts or programs, allowing you to apply both permissions restrictions and locally stored static credential information. To learn more about service principals, see Work with Azure service principals using the Azure CLI.
Create Service Principal in Azure Portal
First, Go to the Azure Portal and search for the service named “App registration” Once found, click on “New Registration”
Provide a name for your application. In the registration process, select “Who can use this application or access this API?” as “Accounts in this organizational directory only (Default Directory only — Single tenant)” and then click the “Register” button.
After successfully registering the application, make a note of the “Application (client) ID” and “Directory (tenant) ID” for future reference.
Proceed to “Certificates & Secrets” from the left side, click on the “New client secret” button, and provide a short description. Select the expiration from the drop-down list as per your preference. After successfully creating a secret, ensure to securely store its value, as it is a one-time showable.
Assign Permissions
In the Azure Portal, search for the service named “Subscriptions” and click on your subscription name.
Navigate to “Access control (IAM)” from the left side, click on the “+ Add” button, and select “Add role assignment”
Choose the desired role for your service principal, select “Assign access to” as “User, group, or service principal” and search for the name of the previously created application. Finally, click on the “Review + Assign” button to complete the process.
Sign in with Azure CLI using a Service Principal
Open your Bash or Power Shell Terminal and type the following command
az login --service-principal -u <Application (client) ID> -p <value of your secret> --tenant <Directory (tenant) ID>That’s it! You have successfully signed in with Azure CLI using a service principal.
