1. Docs
  2. Reference
  3. API
  4. Azure AD
  5. ServicePrincipal

ServicePrincipal

Manages a Service Principal associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API. Please see The Granting a Service Principal permission to manage AAD for the required steps.

Example Usage

using Pulumi;
using AzureAD = Pulumi.AzureAD;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleApplication = new AzureAD.Application("exampleApplication", new AzureAD.ApplicationArgs
        {
            AvailableToOtherTenants = false,
            Homepage = "http://homepage",
            IdentifierUris = 
            {
                "http://uri",
            },
            Oauth2AllowImplicitFlow = true,
            ReplyUrls = 
            {
                "http://replyurl",
            },
        });
        var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new AzureAD.ServicePrincipalArgs
        {
            AppRoleAssignmentRequired = false,
            ApplicationId = exampleApplication.ApplicationId,
            Tags = 
            {
                "example",
                "tags",
                "here",
            },
        });
    }

}

Coming soon!

import pulumi
import pulumi_azuread as azuread

example_application = azuread.Application("exampleApplication",
    available_to_other_tenants=False,
    homepage="http://homepage",
    identifier_uris=["http://uri"],
    oauth2_allow_implicit_flow=True,
    reply_urls=["http://replyurl"])
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
    app_role_assignment_required=False,
    application_id=example_application.application_id,
    tags=[
        "example",
        "tags",
        "here",
    ])
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
    appRoleAssignmentRequired: false,
    applicationId: exampleApplication.applicationId,
    tags: [
        "example",
        "tags",
        "here",
    ],
});

Create a ServicePrincipal Resource

new ServicePrincipal(name: string, args: ServicePrincipalArgs, opts?: CustomResourceOptions);
def ServicePrincipal(resource_name, opts=None, app_role_assignment_required=None, application_id=None, oauth2_permissions=None, tags=None, __props__=None);
func NewServicePrincipal(ctx *Context, name string, args ServicePrincipalArgs, opts ...ResourceOption) (*ServicePrincipal, error)
public ServicePrincipal(string name, ServicePrincipalArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ServicePrincipal Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ServicePrincipal resource accepts the following input properties:

ApplicationId string

The ID of the Azure AD Application for which to create a Service Principal.

AppRoleAssignmentRequired bool

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

Oauth2Permissions List<Pulumi.AzureAD.Inputs.ServicePrincipalOauth2PermissionArgs>

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

Tags List<string>

A list of tags to apply to the Service Principal.

ApplicationId string

The ID of the Azure AD Application for which to create a Service Principal.

AppRoleAssignmentRequired bool

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

Oauth2Permissions []ServicePrincipalOauth2Permission

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

Tags []string

A list of tags to apply to the Service Principal.

applicationId string

The ID of the Azure AD Application for which to create a Service Principal.

appRoleAssignmentRequired boolean

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

oauth2Permissions ServicePrincipalOauth2Permission[]

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

tags string[]

A list of tags to apply to the Service Principal.

application_id str

The ID of the Azure AD Application for which to create a Service Principal.

app_role_assignment_required bool

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

oauth2_permissions List[ServicePrincipalOauth2Permission]

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

tags List[str]

A list of tags to apply to the Service Principal.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServicePrincipal resource produces the following output properties:

DisplayName string

The Display Name of the Azure Active Directory Application associated with this Service Principal.

Id string
The provider-assigned unique ID for this managed resource.
ObjectId string

The Service Principal’s Object ID.

DisplayName string

The Display Name of the Azure Active Directory Application associated with this Service Principal.

Id string
The provider-assigned unique ID for this managed resource.
ObjectId string

The Service Principal’s Object ID.

displayName string

The Display Name of the Azure Active Directory Application associated with this Service Principal.

id string
The provider-assigned unique ID for this managed resource.
objectId string

The Service Principal’s Object ID.

display_name str

The Display Name of the Azure Active Directory Application associated with this Service Principal.

id str
The provider-assigned unique ID for this managed resource.
object_id str

The Service Principal’s Object ID.

Look up an Existing ServicePrincipal Resource

Get an existing ServicePrincipal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServicePrincipalState, opts?: CustomResourceOptions): ServicePrincipal
static get(resource_name, id, opts=None, app_role_assignment_required=None, application_id=None, display_name=None, oauth2_permissions=None, object_id=None, tags=None, __props__=None);
func GetServicePrincipal(ctx *Context, name string, id IDInput, state *ServicePrincipalState, opts ...ResourceOption) (*ServicePrincipal, error)
public static ServicePrincipal Get(string name, Input<string> id, ServicePrincipalState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AppRoleAssignmentRequired bool

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

ApplicationId string

The ID of the Azure AD Application for which to create a Service Principal.

DisplayName string

The Display Name of the Azure Active Directory Application associated with this Service Principal.

Oauth2Permissions List<Pulumi.AzureAD.Inputs.ServicePrincipalOauth2PermissionArgs>

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

ObjectId string

The Service Principal’s Object ID.

Tags List<string>

A list of tags to apply to the Service Principal.

AppRoleAssignmentRequired bool

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

ApplicationId string

The ID of the Azure AD Application for which to create a Service Principal.

DisplayName string

The Display Name of the Azure Active Directory Application associated with this Service Principal.

Oauth2Permissions []ServicePrincipalOauth2Permission

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

ObjectId string

The Service Principal’s Object ID.

Tags []string

A list of tags to apply to the Service Principal.

appRoleAssignmentRequired boolean

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

applicationId string

The ID of the Azure AD Application for which to create a Service Principal.

displayName string

The Display Name of the Azure Active Directory Application associated with this Service Principal.

oauth2Permissions ServicePrincipalOauth2Permission[]

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

objectId string

The Service Principal’s Object ID.

tags string[]

A list of tags to apply to the Service Principal.

app_role_assignment_required bool

Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to false.

application_id str

The ID of the Azure AD Application for which to create a Service Principal.

display_name str

The Display Name of the Azure Active Directory Application associated with this Service Principal.

oauth2_permissions List[ServicePrincipalOauth2Permission]

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by a oauth2_permission block as documented below.

object_id str

The Service Principal’s Object ID.

tags List[str]

A list of tags to apply to the Service Principal.

Supporting Types

ServicePrincipalOauth2Permission

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AdminConsentDescription string

The description of the admin consent.

AdminConsentDisplayName string

The display name of the admin consent.

Id string

The unique identifier for one of the OAuth2Permission.

IsEnabled bool

Is this permission enabled?

Type string

The type of the permission.

UserConsentDescription string

The description of the user consent.

UserConsentDisplayName string

The display name of the user consent.

Value string

The name of this permission.

AdminConsentDescription string

The description of the admin consent.

AdminConsentDisplayName string

The display name of the admin consent.

Id string

The unique identifier for one of the OAuth2Permission.

IsEnabled bool

Is this permission enabled?

Type string

The type of the permission.

UserConsentDescription string

The description of the user consent.

UserConsentDisplayName string

The display name of the user consent.

Value string

The name of this permission.

adminConsentDescription string

The description of the admin consent.

adminConsentDisplayName string

The display name of the admin consent.

id string

The unique identifier for one of the OAuth2Permission.

isEnabled boolean

Is this permission enabled?

type string

The type of the permission.

userConsentDescription string

The description of the user consent.

userConsentDisplayName string

The display name of the user consent.

value string

The name of this permission.

adminConsentDescription str

The description of the admin consent.

adminConsentDisplayName str

The display name of the admin consent.

id str

The unique identifier for one of the OAuth2Permission.

isEnabled bool

Is this permission enabled?

type str

The type of the permission.

userConsentDescription str

The description of the user consent.

userConsentDisplayName str

The display name of the user consent.

value str

The name of this permission.

Package Details

Repository
https://github.com/pulumi/pulumi-azuread
License
Apache-2.0
Notes
This Pulumi package is based on the azuread Terraform Provider.