az ad sp

Manage Azure Active Directory service principals for automation authentication.

Commands

az ad sp create               Create a service principal.
az ad sp create-for-rbac      Create a service principal and configure its access to Azure resources.
az ad sp delete               Delete a service principal and its role assignments.
az ad sp list                 List service principals.
az ad sp reset-credentials    Reset a service principal credential.
az ad sp show                 Get the details of a service principal.

az ad sp create

Create a service principal.

az ad sp create --id

Required Parameters

--id
Identifier URI, application id, or object id of the associated application.

az ad sp create-for-rbac

Create a service principal and configure its access to Azure resources.

az ad sp create-for-rbac [--cert]
[--create-cert]
[--keyvault]
[--name]
[--password]
[--role]
[--scopes]
[--sdk-auth]
[--skip-assignment]
[--years]

Examples

Create with a default role assignment.

az ad sp create-for-rbac

Create using a custom name, and with a default assignment.

az ad sp create-for-rbac -n "MyApp"

Create without a default assignment.

az ad sp create-for-rbac --skip-assignment

Create with customized contributor assignments.

az ad sp create-for-rbac -n "MyApp" --role contributor --scopes /subscriptions/{SubID}/resourceGroups/{MyRG1} /subscriptions/{SubID}/resourceGroups/{MyRG2}

Create using a self-signed certificate.

az ad sp create-for-rbac --create-cert

Create using a self-signed certificate, and store it within KeyVault.

az ad sp create-for-rbac --keyvault MyVault --cert CertName --create-cert

Create using existing certificate in KeyVault.

az ad sp create-for-rbac --keyvault MyVault --cert CertName

Optional Parameters

--cert
Certificate to use for credentials.
--create-cert
Create a self-signed certificate to use for the credential.
--keyvault
Name or ID of a KeyVault to use for creating or retrieving certificates.
--name -n
Name or app URI to associate the RBAC with. If not present, a name will be generated.
--password -p
The password used to log in.
--role
Role of the service principal.
Default value: Contributor.
--scopes
Space-separated list of scopes the service principal's role assignment applies to. Defaults to the root of the current subscription.
--sdk-auth
Output the result in a format compatible with the Azure SDK auth file.
--skip-assignment
Do not create default assignment.
--years
Number of years for which the credentials will be valid. Default: 1 year.
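
The defaults documented above (role Contributor, scope at the root of the current subscription, credentials valid for 1 year) can be checked before a pipeline runs the command. The following is an added example, not part of the Azure CLI or its documentation: `lint_sp_create` is a hypothetical helper, the policy it encodes (resource-group scopes only, no `--password` on the command line, lifetime no longer than the default) is an assumption, and the sample invocations are constructed.

```sh
# Added example (not Azure CLI code): lint_sp_create is a hypothetical helper
# that checks `az ad sp create-for-rbac` arguments against the defaults this
# page documents. The findings encode an assumed least-privilege policy.
lint_sp_create() {
    role="Contributor"; years=1          # documented defaults
    scopes=0; wide=0; skip=0; password=0; mode=""; findings=0
    for arg in "$@"; do
        case "$arg" in
            --role)            mode=role ;;
            --scopes)          mode=scopes ;;
            --years)           mode=years ;;
            --skip-assignment) skip=1; mode="" ;;
            --password|-p)     password=1; mode="" ;;
            -*)                mode="" ;;   # any other flag ends a value list
            *)  case "$mode" in
                    role)   role=$arg; mode="" ;;
                    years)  years=$arg; mode="" ;;
                    scopes) scopes=$((scopes + 1))
                            # assumed policy: a scope must name a resource group
                            case "$arg" in
                                */resourceGroups/*) ;;
                                *) wide=$((wide + 1)) ;;
                            esac ;;
                esac ;;
        esac
    done
    if [ "$skip" -eq 0 ] && [ "$scopes" -eq 0 ]; then
        echo "SCOPE: no --scopes, so '$role' is assigned at the subscription root"
        findings=$((findings + 1))
    fi
    if [ "$skip" -eq 0 ] && [ "$wide" -gt 0 ]; then
        echo "SCOPE: $wide scope(s) broader than a resource group"
        findings=$((findings + 1))
    fi
    if [ "$password" -eq 1 ]; then
        echo "SECRET: --password is visible in shell history and process listings"
        findings=$((findings + 1))
    fi
    if [ "$years" -gt 1 ] 2>/dev/null; then
        echo "LIFETIME: credential valid for $years years (default is 1)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]                # exit status 0 only when clean
}
# Constructed sample invocations (arguments only, nothing is sent to Azure).
lint_sp_create -n "MyApp" --years 3 || true
lint_sp_create -n "MyApp" --role Reader \
    --scopes "/subscriptions/{SubID}/resourceGroups/{MyRG1}" --create-cert || true
```

The function only inspects its arguments, so it can run as a pre-flight step in front of the real `az ad sp create-for-rbac` call and stop the job on a non-zero exit status.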

az ad sp delete

Delete a service principal and its role assignments.

az ad sp delete --id

Required Parameters

--id
Service principal name, or object id.

az ad sp list

List service principals.

az ad sp list [--display-name]
[--filter]
[--spn]

Optional Parameters

--display-name
Object's display name or its prefix.
--filter
OData filter.
--spn
Service principal name.

az ad sp reset-credentials

Reset a service principal credential.

az ad sp reset-credentials --name
[--cert]
[--create-cert]
[--keyvault]
[--password]
[--years]

Required Parameters

--name -n
Name or app URI for the credential.

Optional Parameters

--cert
Certificate to use for credentials.
--create-cert
Create a self-signed certificate to use for the credential.
--keyvault
Name or ID of a KeyVault to use for creating or retrieving certificates.
--password -p
The password used to log in.
--years
Number of years for which the credentials will be valid. Default: 1 year.

az ad sp show

Get the details of a service principal.

az ad sp show --id

Required Parameters

--id
Service principal name, or object id.