Types Of Service Principals Authentication Methods

In DevOps environments, automation tools need to authenticate without manual intervention and with no more access than they require. Service principals provide this: they let an application sign in with a specific, limited set of permissions.

A service principal is the identity that Azure AD creates for an application when that application is registered in Azure Active Directory.

There are two service principal authentication methods:

  1. Password-based authentication (application secret)
  2. Certificate-based authentication

Method 1 - Using a certificate

Here you can use an existing certificate if you have one, or create a self-signed certificate.

To create a self-signed certificate, run New-SelfSignedCertificate in PowerShell with the following parameters; this creates the certificate in the current user's certificate store (the same store that certmgr.msc shows in the export steps below):

# Creates the key pair in the current user's Personal store; the private key stays on this machine
New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName "mysite.local" -FriendlyName "MySiteCert" -NotAfter (Get-Date).AddYears(10)

Export this certificate to a file using the Certificates MMC snap-in.

Step 1

Select Run from the Start menu, and then enter certmgr.msc.

Step 2

To view your certificates, expand Certificates - Current User in the left pane, then expand the Personal folder.

Step 3

Right-click the certificate you created, then select All Tasks -> Export.

Step 4

Follow the Certificate Export Wizard. Do not export the private key: only the public certificate is uploaded to Azure AD, and the private key stays in the client's certificate store. Export to a .CER file.

Step 5

To upload the certificate:

  1. Select Azure Active Directory.
  2. From App registrations in Azure AD, select your application.
  3. Select Certificates & secrets.
  4. Select Certificates, then Upload certificate, and select the certificate (an existing certificate or the self-signed certificate you exported).

Step 6

Select Add.

After registering the certificate with the application in the application registration portal, configure the client application code to use the certificate.
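The following PowerShell script is an added example of the whole certificate flow on the client side; it is not part of the original article. It creates a non-exportable key pair in the current user's store, exports only the public .CER for upload to Certificates & secrets, and then signs in as the service principal with the Az module by thumbprint. The tenant ID, application (client) ID, subject name and output path are placeholders you must replace.

```powershell
# Placeholders: replace with your tenant ID and the application (client) ID from App registrations
$tenantId = "<tenant-id>"
$appId    = "<application-client-id>"

# 1. Create the key pair in the current user's Personal store.
#    NonExportable means the private key cannot be copied out of this machine's store;
#    a one-year lifetime keeps the rotation window short (assumed policy, not a fixed rule).
$cert = New-SelfSignedCertificate `
    -CertStoreLocation Cert:\CurrentUser\My `
    -Subject "CN=DevOpsAutomationSP" `
    -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# 2. Export only the public certificate (.cer, no private key). This is the file you upload
#    under App registrations > your app > Certificates & secrets > Certificates.
$cerPath = Join-Path $env:TEMP "DevOpsAutomationSP.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
"Public certificate written to $cerPath (thumbprint $($cert.Thumbprint))"

# 3. After the upload, sign in as the service principal. Az locates the private key in the
#    store by thumbprint and uses it to sign the client assertion; no secret is typed or stored.
Connect-AzAccount -ServicePrincipal `
    -TenantId $tenantId `
    -ApplicationId $appId `
    -CertificateThumbprint $cert.Thumbprint | Out-Null

# 4. Confirm that the active context is the service principal, not an interactive user account
$ctx = Get-AzContext
"Signed in as {0} ({1}) in tenant {2}" -f $ctx.Account.Id, $ctx.Account.Type, $ctx.Tenant.Id

# 5. Hygiene check: surface the certificate's expiry so rotation can be scheduled before it lapses
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object Subject, Thumbprint, NotAfter
```

Run the script in two halves in practice: steps 1 and 2 on the machine that will run the automation, then the portal upload from Step 5 of the article, then steps 3 to 5. Because the key is non-exportable, a copy of the script or of the .CER file on its own is not enough to sign in; that is the property that makes the certificate method preferable to a shared secret for pipelines.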

Method 2 - Creating a new application secret

Step 1

Select Azure Active Directory.

Step 2

From App registrations in Azure AD, select your application.

Step 3

Select Certificates & secrets.

Step 4

Select Client secrets -> New client secret.

Step 5

Provide a description of the secret and configure a duration.

Step 6

Select Add.

Important: After you add the client secret, its value is displayed once. Copy it immediately; it cannot be retrieved later, and if you lose it you must create a new secret.
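As an added example (not part of the original article), the script below shows how automation code consumes the client secret from Method 2 without hard-coding it: the value is read from an environment variable that the pipeline's secret store populates, wrapped in a PSCredential, and passed to Connect-AzAccount. The tenant ID and application (client) ID are placeholders, the variable name AZ_SP_SECRET is a constructed one, and the final expiry listing assumes the signed-in principal has permission to read the application's credentials (for example as an owner of the app registration).

```powershell
# Placeholders: replace with your tenant ID and the application (client) ID from App registrations
$tenantId = "<tenant-id>"
$appId    = "<application-client-id>"

# The secret is injected by the pipeline (constructed variable name AZ_SP_SECRET).
# It is never written into the script or committed to source control.
$secretPlain = $env:AZ_SP_SECRET
if ([string]::IsNullOrEmpty($secretPlain)) {
    throw "AZ_SP_SECRET is not set; supply the client secret through the pipeline's secret store."
}

# Wrap the secret in a SecureString/PSCredential. For a service principal the 'user name' is the
# application (client) ID and the 'password' is the client secret copied from the portal.
$secureSecret = ConvertTo-SecureString -String $secretPlain -AsPlainText -Force
$credential   = New-Object System.Management.Automation.PSCredential($appId, $secureSecret)
Remove-Variable secretPlain   # drop the plaintext copy as soon as it is wrapped

# Sign in as the service principal
Connect-AzAccount -ServicePrincipal -TenantId $tenantId -Credential $credential | Out-Null

# Confirm that the session belongs to the service principal
$ctx = Get-AzContext
"Signed in as {0} ({1}) in tenant {2}" -f $ctx.Account.Id, $ctx.Account.Type, $ctx.Tenant.Id

# Hygiene check: list every secret and certificate on the app registration with its end date,
# and flag any that expire within 30 days so rotation is scheduled before the pipeline breaks.
# (Requires permission to read the app registration's credentials; assumed here.)
$cutoff = (Get-Date).AddDays(30)
Get-AzADAppCredential -ApplicationId $appId |
    Select-Object DisplayName, KeyId, EndDateTime,
        @{ Name = 'ExpiresSoon'; Expression = { $_.EndDateTime -lt $cutoff } }
```

The secret should be given the shortest duration the pipeline can tolerate when it is created in Step 5 of this method, and the expiry listing at the end is the check that tells you when a replacement must be added and the pipeline variable updated.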