az ad sp
Manage Azure Active Directory service principals for automation authentication.
Commands
| az ad sp create |
Create a service principal. |
| az ad sp create-for-rbac |
Create a service principal and configure its access to Azure resources. |
| az ad sp credential |
Manage a service principal's credentials. |
| az ad sp credential delete |
Delete a service principal's credential. |
| az ad sp credential list |
List a service principal's credentials. |
| az ad sp credential reset |
Reset a service principal credential. |
| az ad sp delete |
Delete a service principal and its role assignments. |
| az ad sp list |
List service principals. |
| az ad sp owner |
Manage service principal owners. |
| az ad sp owner list |
List service principal owners. |
| az ad sp show |
Get the details of a service principal. |
| az ad sp update |
Update a service principal. |
az ad sp create
Create a service principal.
az ad sp create --idExamples
Create a service principal. (autogenerated)
az ad sp create --id 00000000-0000-0000-0000-000000000000Required Parameters
Identifier uri, application id, or object id of the associated application.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp create-for-rbac
Create a service principal and configure its access to Azure resources.
az ad sp create-for-rbac [--cert]
[--create-cert]
[--keyvault]
[--name]
[--role]
[--scopes]
[--sdk-auth {false, true}]
[--skip-assignment {false, true}]
[--years]Examples
Create with a default role assignment.
az ad sp create-for-rbacCreate using a custom name, and with a default assignment.
az ad sp create-for-rbac -n "MyApp"Create without a default assignment.
az ad sp create-for-rbac --skip-assignmentCreate with customized contributor assignments.
az ad sp create-for-rbac -n "MyApp" --role contributor \
--scopes /subscriptions/{SubID}/resourceGroups/{ResourceGroup1} \
/subscriptions/{SubID}/resourceGroups/{ResourceGroup2}Create using a self-signed certificate.
az ad sp create-for-rbac --create-certCreate using a self-signed certificate, and store it within KeyVault.
az ad sp create-for-rbac --keyvault MyVault --cert CertName --create-certCreate using existing certificate in KeyVault.
az ad sp create-for-rbac --keyvault MyVault --cert CertNameOptional Parameters
Certificate to use for credentials.
Create a self-signed certificate to use for the credential. Only the current OS user has read/write permission to this certificate.
Name or ID of a KeyVault to use for creating or retrieving certificates.
A URI to use as the logic name. It doesn't need to exist. If not present, CLI will generate one.
Role of the service principal.
Space-separated list of scopes the service principal's role assignment applies to. Defaults to the root of the current subscription. e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
Output result in compatible with Azure SDK auth file.
Skip creating the default assignment, which allows the service principal to access resources under the current subscription. When specified, --scopes will be ignored. You may use az role assignment create to create role assignments for this service principal later.
Number of years for which the credentials will be valid. Default: 1 year.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp delete
Delete a service principal and its role assignments.
az ad sp delete --idExamples
Delete a service principal and its role assignments. (autogenerated)
az ad sp delete --id 00000000-0000-0000-0000-000000000000Required Parameters
Service principal name, or object id.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp list
List service principals.
For low latency, by default, only the first 100 will be returned unless you provide filter arguments or use "--all".
az ad sp list [--all]
[--display-name]
[--filter]
[--query-examples]
[--show-mine]
[--spn]Optional Parameters
List all entities, expect long delay if under a big organization.
Object's display name or its prefix.
OData filter, e.g. --filter "displayname eq 'test' and servicePrincipalType eq 'Application'".
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
List entities owned by the current user.
Service principal name.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp show
Get the details of a service principal.
az ad sp show --id
[--query-examples]Examples
Get the details of a service principal. (autogenerated)
az ad sp show --id 00000000-0000-0000-0000-000000000000Required Parameters
Service principal name, or object id.
Optional Parameters
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az ad sp update
Update a service principal.
az ad sp update --id
[--add]
[--force-string]
[--remove]
[--set]Examples
update a service principal (autogenerated)
az ad sp update --id 00000000-0000-0000-0000-000000000000 --set groupMembershipClaims=AllRequired Parameters
Service principal name, or object id.
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Remove a property or an element from a list. Example: --remove property.list
Update an object by specifying a property path and value to set. Example: --set property1.property2=
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.