<h2>Configuration steps for Azure Service Principal User and Credentials</h2><br/><div style="overflow-x:auto"><p style="margin: 0in 0in 8pt; line-height: 115%; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 18.0pt; line-height: 115%; font-family: 'Times New Roman', serif;">Prerequisites</span></strong></p> <p style="margin: 0in 0in 8pt 0.5in; text-indent: -0.5in; line-height: 115%; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10pt;">You must have User Access Administrator or Role Based Access Control Administrator permissions, or higher, to create a service principal.</span></p> <p style="margin: 0in 0in 8pt 0.5in; text-indent: -0.5in; line-height: 115%; font-size: 12pt; font-family: Aptos, sans-serif;"> </p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 18.0pt; font-family: 'Times New Roman', serif;">Method 1: Create a Service Principal using Azure CLI</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 1: Install or Open Azure CLI</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">If not installed:</span></p> <ul style="margin-bottom: 0in; margin-top: 0px; list-style-position: inside;" type="disc"><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;"><a href="https://learn.microsoft.com/en-us/cli/azure/install-azure-cli" target="_new" rel="noopener noreferrer"><span style="color: blue;">Install Azure CLI</span></a></span></li></ul> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; 
font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 2: Log in to Azure</span></strong></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">az login</span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">This opens a browser window where you authenticate with your Azure credentials.</span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 3: Create the Service Principal</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Run:</span></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">az ad sp create-for-rbac --name &lt;name&gt; --role &lt;role&gt; --scopes &lt;scope&gt;</span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-family: 'Times New Roman', serif;">Parameters:</span></strong></p> <ul style="margin-bottom: 0in; margin-top: 0px; list-style-position: inside;" type="disc"><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">--name</span><span style="font-family: 'Times New Roman', serif;"> → Unique name for the service principal.</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; 
font-family: 'Courier New';">--role</span><span style="font-family: 'Times New Roman', serif;"> → Role to assign, such as </span><span style="font-size: 10.0pt; font-family: 'Courier New';">Contributor</span><span style="font-family: 'Times New Roman', serif;">, </span><span style="font-size: 10.0pt; font-family: 'Courier New';">Reader</span><span style="font-family: 'Times New Roman', serif;">, </span><span style="font-size: 10.0pt; font-family: 'Courier New';">Owner</span><span style="font-family: 'Times New Roman', serif;">, or a custom role.</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">--scopes</span><span style="font-family: 'Times New Roman', serif;"> → Resource scope (e.g., subscription, resource group, specific resource).</span></li></ul> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-family: 'Times New Roman', serif;">Example:</span></strong></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">az ad sp create-for-rbac --name my-app-sp --role Contributor --scopes /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Output:</span></strong></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; 
font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">{<!-- --></span></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';"> "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",</span></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';"> "displayName": "my-app-sp",</span></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';"> "password": "XXXXXXXXXXXXXX",</span></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';"> "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"</span></p> <p style="margin: 0in; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">}</span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 4: Store These Credentials Securely</span></strong></p> <ul style="margin-bottom: 0in; margin-top: 0px; list-style-position: inside;" type="disc"><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">appId</span><span style="font-family: 'Times New Roman', serif;"> → Client ID</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">password</span><span style="font-family: 'Times New Roman', serif;"> → 
Client Secret</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-size: 10.0pt; font-family: 'Courier New';">tenant</span><span style="font-family: 'Times New Roman', serif;"> → Tenant ID</span></li></ul> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">These are used for authenticating in code or automation (e.g., with Terraform, Ansible, etc.).</span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"> </p> <div style="margin: 0in; text-align: center; line-height: normal; font-size: 12pt; font-family: Aptos, sans-serif;" align="center"> </div> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 18.0pt; font-family: 'Times New Roman', serif;">Method 2: Create a Service Principal in Azure Portal (Manually)</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 1: Sign in to Azure Portal</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;"><a href="https://portal.azure.com" target="_new" rel="noopener noreferrer"><span style="color: blue;">https://portal.azure.com</span></a></span></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 2: Go to Azure Active Directory</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span 
style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 3: Click on App registrations → New registration</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 4: Register the Application</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 18.0pt; font-family: 'Times New Roman', serif;"><img src="/sys_attachment.do?sys_id=7127ddc7935eaed45736b25d6cba10a1" width="468" height="486" border="0" /></span></strong></p> <ul style="margin-bottom: 0in; margin-top: 0px; list-style-position: inside;" type="disc"><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-family: 'Times New Roman', serif;">Name</span></strong><span style="font-family: 'Times New Roman', serif;">: e.g., </span><span style="font-size: 10.0pt; font-family: 'Courier New';">example-app</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-family: 'Times New Roman', serif;">Supported account types</span></strong><span style="font-family: 'Times New Roman', serif;">: Usually "Accounts in this organizational directory only"</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-family: 'Times New Roman', serif;">(Optional) Redirect URI</span></strong></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Click <strong>Register</strong></span></li></ul> <p 
style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 5: Create a Client Secret</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;"><img src="/sys_attachment.do?sys_id=7527ddc7935eaed45736b25d6cba1005" width="468" height="234" border="0" /></span></strong></p> <ul style="margin-bottom: 0in; margin-top: 0px; list-style-position: inside;" type="disc"><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Go to <strong>Certificates & secrets</strong> → <strong>New client secret</strong></span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Add a description and set expiry</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Click <strong>Add</strong></span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Copy the <strong>Value</strong> shown (Client Secret)</span></li></ul> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span style="font-size: 13.5pt; font-family: 'Times New Roman', serif;">Step 6: Assign Role to the Application</span></strong></p> <p style="line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><strong><span 
style="font-size: 13.5pt; font-family: 'Times New Roman', serif;"> </span></strong><img style="font-family: verdana, geneva, sans-serif; font-size: 11px;" src="/sys_attachment.do?sys_id=3927ddc7935eaed45736b25d6cba1008" width="468" height="345" border="0" /></p> <ul style="margin-bottom: 0in; margin-top: 0px; list-style-position: inside;" type="disc"><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Go to the <strong>Resource Group</strong> or <strong>Subscription</strong> where access is needed</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Click <strong>Access control (IAM)</strong> → <strong>Add</strong> → <strong>Add role assignment</strong></span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Select role (e.g., Contributor)</span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Select the app under <strong>Members</strong></span></li><li style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"><span style="font-family: 'Times New Roman', serif;">Save</span></li></ul> <p style="line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;"> </p></div>
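<p>An added example (not part of the original article, and not Microsoft's or Terraform's own code) for Method 1, Step 4: it converts the JSON printed by az ad sp create-for-rbac into an env file readable only by its owner, then deletes the raw JSON. The function names and the file names sp.json and sp.env are assumptions; ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID are the variable names read by Terraform's azurerm provider; the sample JSON is constructed.</p>

```shell
#!/bin/sh
# Added example, not from the original page. Real use (placeholders as on the page):
#   ( umask 077; az ad sp create-for-rbac --name <name> --role <role> \
#       --scopes <scope> > sp.json ) && write_sp_env sp.json sp.env

# Constructed sample in the shape of the page's Output; every value is fake.
sample_sp_json() {
    cat <<'EOF'
{
  "appId": "00000000-0000-0000-0000-000000000001",
  "displayName": "my-app-sp",
  "password": "constructed-secret~NOT.REAL_123",
  "tenant": "00000000-0000-0000-0000-000000000002"
}
EOF
}

# json_field KEY FILE: print one top-level string value from az's flat JSON.
json_field() {
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$2" | head -n 1
}

# write_sp_env JSON_FILE ENV_FILE: write an owner-only env file, then delete
# the raw JSON so the plaintext secret exists in one place only.
write_sp_env() {
    json=$1; out=$2
    client_id=$(json_field appId "$json")
    secret=$(json_field password "$json")
    tenant=$(json_field tenant "$json")
    # Fail closed on missing fields or a value that would break the quoting.
    case "|$client_id|$secret|$tenant|" in
        *"||"*|*"'"*) echo "unusable service principal JSON: $json" >&2; return 1 ;;
    esac
    (
        umask 077        # anything created below is mode 0600
        rm -f "$out"     # never reuse a file that may carry wider permissions
        printf "ARM_CLIENT_ID='%s'\nARM_CLIENT_SECRET='%s'\nARM_TENANT_ID='%s'\n" \
            "$client_id" "$secret" "$tenant" > "$out"
    ) || return 1
    rm -f "$json"
    echo "wrote $out for client $client_id (secret not displayed)"
}

# Offline demo on the constructed sample.
demo_dir=$(mktemp -d)
sample_sp_json > "$demo_dir/sp.json"
write_sp_env "$demo_dir/sp.json" "$demo_dir/sp.env"
ls -l "$demo_dir/sp.env"
rm -rf "$demo_dir"
```

<p>Load the file with set -a; . ./sp.env; set +a in the shell that runs the automation. ARM_SUBSCRIPTION_ID is not part of the command's output and has to be set separately.</p>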