kevin

Reputation: 491

Service Principals I create are not being created as mine

I've executed the code below to create a service principal and then list all of my service principals. However, the service principal I just created is not listed.

Code creating the SP and listing all of my SPs (screenshot)

Upvotes: 0

Views: 128

Answers (1)

Sridevi

Reputation: 22352

When I ran those CLI commands in my environment, I too got the same response, like this:

 az ad sp create-for-rbac
 az ad sp list --show-mine 

Response: (screenshot)

This happens if the signed-in user has admin roles like Global Administrator of the tenant: that user won't be added as Owner of the newly created service principal, which can be checked in Enterprise applications: (screenshot)

But when I ran the same commands after signing in with a new user account that does not have Global Administrator access, I got the expected response, like this:

 az ad sp create-for-rbac
 az ad sp list --show-mine 

Response: (screenshot)

In such cases, where you are logging in with an admin account, you can use the bash script below, which explicitly adds the signed-in user as Owner of the newly created service principal:

#!/usr/bin/env bash
# Stop at the first failing command so the final message is only printed on success.
set -e

# Create the service principal and keep the JSON output (contains appId).
sp_create=$(az ad sp create-for-rbac)
echo "Output of 'az ad sp create-for-rbac':"
echo "$sp_create"

appId=$(echo "$sp_create" | jq -r '.appId')

# Retrieve the objectId of the service principal
spObjectId=$(az ad sp show --id "$appId" --query id --output tsv)
echo "Service Principal Object ID: $spObjectId"

# Get the objectId for the signed-in user
ownerObjectId=$(az ad signed-in-user show --query id -o tsv)
echo "Owner Object ID: $ownerObjectId"

# Add the signed-in user as an owner to the service principal (Graph owners/$ref endpoint)
add_owner_response=$(az rest -m POST \
  -u "https://graph.microsoft.com/beta/servicePrincipals/$spObjectId/owners/\$ref" \
  -b "{\"@odata.id\": \"https://graph.microsoft.com/beta/directoryObjects/$ownerObjectId\"}")
echo "Owner added successfully to the service principal."

Response: (screenshot)

To confirm that, I checked the same in the Portal, where the signed-in user is added as Owner of the service principal, like this: (screenshot)

When I now ran the same command to list the applications owned by the signed-in user with admin access, I got the expected results:

 az ad sp list --show-mine 

Response: (screenshot)

Reference: Overview of enterprise application ownership - Microsoft Entra ID

Upvotes: 2
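The answer's script posts the owner reference and then prints "Owner added successfully" whether or not Graph actually accepted it. The script below is an added example (not the answerer's code, and not part of the original post) that does the same job idempotently: it reads the service principal's owners collection first, only POSTs when the signed-in user is missing, and re-reads the collection afterwards so the reported outcome reflects the tenant's state. It uses the Graph v1.0 endpoints; the answer's beta endpoints work the same way. The wrapper function `run_az`, the `SP_OWNER_APPLY` guard and the status strings are assumptions introduced here so the logic can be exercised without a tenant.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Creates a service principal and
# makes the signed-in user an explicit owner, verifying via the Graph owners
# collection instead of assuming the POST succeeded.
set -e

GRAPH="https://graph.microsoft.com/v1.0"

# Thin wrapper around the Azure CLI so the calls can be stubbed for offline tests
# (assumed helper, not an az feature).
run_az() { az "$@"; }

# Print the object ids of the current owners of service principal $1, one per line.
sp_owner_ids() {
  run_az rest --method GET --url "$GRAPH/servicePrincipals/$1/owners" \
    --query "value[].id" --output tsv
}

# Exit status 0 if $2 is already an owner of service principal $1.
is_owner() {
  sp_owner_ids "$1" | grep -qx "$2"
}

# Add $2 as owner of service principal $1 only if needed, then verify.
# Prints one of: already-owner, owner-added; returns 1 if the owner is still missing.
ensure_owner() {
  local sp_id="$1" owner_id="$2"
  if is_owner "$sp_id" "$owner_id"; then
    echo "already-owner"
    return 0
  fi
  run_az rest --method POST \
    --url "$GRAPH/servicePrincipals/$sp_id/owners/\$ref" \
    --headers "Content-Type=application/json" \
    --body "{\"@odata.id\": \"$GRAPH/directoryObjects/$owner_id\"}" >/dev/null
  # Re-read the owners collection rather than trusting the POST's exit code.
  if is_owner "$sp_id" "$owner_id"; then
    echo "owner-added"
  else
    echo "owner-missing-after-post" >&2
    return 1
  fi
}

main() {
  local app_id sp_id me
  # Add --role/--scopes only if the SP genuinely needs an RBAC assignment.
  app_id=$(run_az ad sp create-for-rbac --query appId -o tsv)
  sp_id=$(run_az ad sp show --id "$app_id" --query id -o tsv)
  me=$(run_az ad signed-in-user show --query id -o tsv)
  ensure_owner "$sp_id" "$me"
  # Confirm the new SP now shows up in the signed-in user's own list.
  run_az ad sp list --show-mine --query "[?appId=='$app_id'].displayName" -o tsv
}

# Only touch a real tenant when explicitly asked (SP_OWNER_APPLY=1 ./script.sh);
# otherwise the functions above can be exercised with a stubbed run_az.
if [ "${SP_OWNER_APPLY:-0}" = "1" ]; then main "$@"; fi
```

Run it as `SP_OWNER_APPLY=1 ./ensure-sp-owner.sh` after `az login`. Because the verification reads the owners collection back, an admin whose POST is silently rejected (for example, a missing Graph permission on the signed-in session) gets a non-zero exit and `owner-missing-after-post` on stderr instead of a misleading success message.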
