Get-MsolServicePrincipalCredential

Gets credentials associated with a service principal.

Syntax

Get-MsolServicePrincipalCredential
   -ObjectId <Guid>
   -ReturnKeyValues <Boolean>
   [-TenantId <Guid>]
   [<CommonParameters>]
Get-MsolServicePrincipalCredential
   -ReturnKeyValues <Boolean>
   -AppPrincipalId <Guid>
   [-TenantId <Guid>]
   [<CommonParameters>]
Get-MsolServicePrincipalCredential
   -ReturnKeyValues <Boolean>
   -ServicePrincipalName <String>
   [-TenantId <Guid>]
   [<CommonParameters>]

Description

The Get-MsolServicePrincipalCredential cmdlet gets credentials that are associated with a service principal.

Examples

Example 1: Get credential properties

PS C:\> Get-MsolServicePrincipalCredential -ServicePrincipalName "MyApp/myApp.com"

This command gets all the credential properties, except the credential value, that are associated with the service principal name (SPN) MyApp/myApp.com. An SPN must follow the format appClass/hostname, where appClass represents the application class ("MyApp") and hostname represents the hostname for the application (myApp.com).

Parameters

-AppPrincipalId

Specifies the application ID of the service principal for which to get credentials.

Type:Guid
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ObjectId

Specifies the unique object ID of the service principal for which to get credentials.

Type:Guid
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ReturnKeyValues

Indicates whether this cmdlet returns key values.

Type:Boolean
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ServicePrincipalName

Specifies the name of the service principal from which to get credentials. An SPN must use one of the following formats:

  • appName
  • appName/hostname
  • a valid URL

AppName represents the name of the application. Hostname represents the URI authority for the application.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-TenantId

Specifies the unique ID of the tenant on which to perform the operation. The default value is the tenant of the current user. This parameter applies only to partner users.

Type:Guid
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

Outputs

Microsoft.Online.Administration.ServicePrincipalCredential[]

This cmdlet returns the credentials that are associated with a service principal. Each returned object contains the following information:

  • Type. The type of service principal credential (Asymmetric/Symmetric/Password).
  • Value. The value of the credential.
    • If the credential type is certificate, this represents the base 64 encoded certificate.
    • If credential type is symmetric, it represents an AES key.
  • KeyGroupId. The identifier reserved for internal use.
  • KeyId. The unique identifier of the key.
  • StartDate. The effective start date of the credential usage.
  • EndDate. The effective end date of the credential usage.
  • Usage . Specifies if the credential is used to "sign" or "verify" a token.