Create Service Principal from Azure Portal

Service principal can be created in azure portal using the below steps

PreviousConfigure an ADFS Stamp NextTroubleshooting

Last updated 2 years ago

Was this helpful?

Create Service Principal from Azure Portal

Service principal can be created in azure portal using the below steps

Steps:

Login to the Azure portal using the Azure Stack service admin credentials.
Click on Manage Azure Active Directory.
Click on App registrations from the left pane and click on New registration.

Enter the Name like ’Cloud Assert VConnect SPN Stamp4’ and the Supported account types should be selected as ‘Accounts in this organizational directory only’.

Click Register and will be landed on the application overview page.

6. Click on Add an Application ID URI and Frame Application ID URI like below

Eg: https://vconnect.cloudassertrp.onmicrosoft.com/azs/multi-stamp-manager/a694402b-7fdc- 4d89-bc15-06c6e380adf0

Replace {DirectoryTenantName} and {Guid}
Guid can be obtained by running the below powershell commands

Param

Description

DirectoryTenantName

Directory tenant name in which the service administrator account resides

$resourceManagerUri="<Replce Here>"
$applicationGuid = ([System.Guid]::NewGuid()).Guid
if ($resourceManagerUri -and $resourceManagerUri.Segments.Count -eq 2) {
try { 
$applicationGuid = [System.Guid]::Parse($resourceManagerUri.Segments[0].ToString()) } catch {}
}
Write-Output $applicationGuid

Click on Set

Enter the URI framed in Step 6 and Click Save.

Find the Application Id of the Application named ‘Azure Stack - Administration’ which is created during the Azure Stack Hub stamp deployment.

Ensure the Home page URL in the Branding & properties section and the new Azure Stack Hub stamp ARM endpoint url are same.
Note down the Application Id of the application ‘Azure Stack - Administration’
Go to the application ‘Cloud Assert VConnect SPN Stamp 4’ created on Step 4.
Click 'API permissions' from the left pane.

Click Add a permission.

Click APIs my organization uses and search for the Application Id of the application ‘Azure Stack - Administration’ note down on Step 10.

Click on the application that matches the Application Id and check the permission as seen below and click the 'Add permissions' button.

Click on 'Certificates & secrets' from the left pane.

Click New client secret button. Provide a description and select the expiry as 24 months or more than 24 months

Copy the app secret text to a notepad since it will be hidden once the page is refreshed.

Login to Azure Stack admin portal with the service admin credentials.
Navigate to subscriptions and click on the 'Default Provider Subscription'
Click on Access control (IAM)

Click on the Add button and select Add role assignment
Select the Role as Contributor.
In the select field, search for the SPN “Cloud Assert VConnect SPN Stamp4” with the help of app id obtained in Step 5.