az ad sp
Manage Azure Active Directory service principals for automation authentication.
Commands
| az ad sp create | Create a service principal. |
| az ad sp create-for-rbac | Create a service principal and configure its access to Azure resources. |
| az ad sp credential | Manage a service principal's credentials. |
| az ad sp credential delete | Delete a service principal's credential. |
| az ad sp credential list | List a service principal's credentials. |
| az ad sp credential reset | Reset a service principal credential. |
| az ad sp delete | Delete a service principal and its role assignments. |
| az ad sp list | List service principals. |
| az ad sp owner | Manage service principal owners. |
| az ad sp owner list | List service principal owners. |
| az ad sp show | Get the details of a service principal. |
az ad sp create
Create a service principal.
az ad sp create --id
[--subscription]Required Parameters
Identifier uri, application id, or object id of the associated application.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
az ad sp create-for-rbac
Create a service principal and configure its access to Azure resources.
az ad sp create-for-rbac [--cert]
[--create-cert]
[--keyvault]
[--name]
[--password]
[--role]
[--scopes]
[--sdk-auth {false, true}]
[--skip-assignment {false, true}]
[--subscription]
[--years]Examples
Create with a default role assignment.
az ad sp create-for-rbacCreate using a custom name, and with a default assignment.
az ad sp create-for-rbac -n "MyApp"Create without a default assignment.
az ad sp create-for-rbac --skip-assignmentCreate with customized contributor assignments.
az ad sp create-for-rbac -n "MyApp" --role contributor \
--scopes /subscriptions/{SubID}/resourceGroups/{ResourceGroup1} \
/subscriptions/{SubID}/resourceGroups/{ResourceGroup2}Create using a self-signed certificte.
az ad sp create-for-rbac --create-certCreate using a self-signed certificate, and store it within KeyVault.
az ad sp create-for-rbac --keyvault MyVault --cert CertName --create-certCreate using existing certificate in KeyVault.
az ad sp create-for-rbac --keyvault MyVault --cert CertNameOptional Parameters
Certificate to use for credentials.
Create a self-signed certificate to use for the credential.
Name or ID of a KeyVault to use for creating or retrieving certificates.
A URI to use as the logic name. It doesn't need to exist. If not present, CLI will generate one.
If missing, CLI will generate a strong password.
Role of the service principal.
Space-separated list of scopes the service principal's role assignment applies to. Defaults to the root of the current subscription.
Output result in compatible with Azure SDK auth file.
Skip creating the default assignment, which allows the service principal to access resources under the current subscription.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Number of years for which the credentials will be valid. Default: 1 year.
az ad sp delete
Delete a service principal and its role assignments.
az ad sp delete --id
[--subscription]Required Parameters
Service principal name, or object id.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
az ad sp list
List service principals.
az ad sp list [--all]
[--display-name]
[--filter]
[--show-mine]
[--spn]
[--subscription]Optional Parameters
List all entities, expect long delay if under a big organization.
Object's display name or its prefix.
OData filter.
List entities owned by the current user.
Service principal name.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
az ad sp show
Get the details of a service principal.
az ad sp show --id
[--subscription]Required Parameters
Service principal name, or object id.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.