SteGriff

How to create an Azure Active Directory Application and a Service Principal

You can use AAD Applications to add single sign-on capabilities to your web app. Another use is to authenticate your own program code to call the Azure APIs, or to talk to Kudu (the source control and extension system which is installed in parallel with every Azure Web App).

I just came back to refer to an article I wrote a little while ago about adding LetsEncrypt to an Azure Function app, and I couldn't remember how to add a Service Principal, so I thought I'd expand the wiki-ness a little...

Create an Enterprise Application

Adding your own application

I'm going to tell you what to click on if you want to build muscle memory, but I've also left links for the lazy:

After the app is created

The app is created and its new blade opens:

Beware - you must defend these new credentials (the combination of App ID and Secret) because they are functionally sign-in details for your Azure tenancy. Currently they don't have any permissions assigned, but after you add this app onto some resources or groups, they will be dangerous in the wrong hands. Store them encrypted.

These credentials can be used in the Azure LetsEncrypt Extension. You can do other stuff with them too I guess.
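
An added example (not part of the original post) of why the App ID and Secret amount to sign-in details: together with the tenant ID they are all that the OAuth 2.0 client-credentials token request needs, with no user prompt involved. It assumes the values arrive through the environment variables `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` and that the token is for Azure Resource Manager; the function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ARM_SCOPE = "https://management.azure.com/.default"  # assumed target: Azure Resource Manager
REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")  # assumed names


def load_credentials(env=os.environ):
    """Read the three values from the environment, never from source code."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("missing credential variables: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED}


def build_token_request(creds, scope=ARM_SCOPE):
    """Return (url, form_body) for the OAuth 2.0 client-credentials grant."""
    url = TOKEN_URL.format(tenant=urllib.parse.quote(creds["AZURE_TENANT_ID"], safe=""))
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": creds["AZURE_CLIENT_ID"],      # the App ID
        "client_secret": creds["AZURE_CLIENT_SECRET"],
        "scope": scope,
    })
    return url, body


def redact(text, creds):
    """Mask the secret (raw and URL-encoded) before text reaches a log."""
    secret = creds["AZURE_CLIENT_SECRET"]
    for form in (secret, urllib.parse.quote_plus(secret)):
        text = text.replace(form, "***")
    return text


def request_token(creds):
    """POST the request; the returned access_token is a bearer token."""
    url, body = build_token_request(creds)
    req = urllib.request.Request(url, data=body.encode(), method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    creds = load_credentials()
    print(redact("\n".join(build_token_request(creds)), creds))  # secret is masked
```

Running the file prints only the redacted request; `request_token` is the one function that contacts Azure.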