An Azure Service Principal is a security identity used by Apps & Background Services. It fills the role of the user identity required by applications. It is similar to the Service Accounts used on Windows in the past.
Advantages
The advantages of an App Identity are the following:
- Allows multiple Apps to use the same Identity
- Can use a Certificate to authenticate instead of Passwords
- No Password expiry overheads
- Can restrict read/write access
On App Registration, two objects are created: the App object and the Service Principal object.
Setting Access at Subscription Level
We can set access for the Service Principal object at the Subscription level. Go to Home > Subscriptions > Access Control (IAM).
In the window that appears, choose the App Registration created just now and select the Role.
Save the changes to complete the Role assignment.
Access Scope
Access Scope can be set at the following levels:
- Subscription Level
- Resource Group Level
- Resource Level
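A check for the three scope levels listed above, added here as an example and not part of the original article: it classifies each role assignment's scope string and flags Service Principals that hold a broad role on a whole subscription. The sample records are constructed in the shape of `az role assignment list --all --output json`, and the set of roles treated as broad is an assumption.

```python
import json

# Constructed sample: only the fields used below, in the shape of
# `az role assignment list --all --output json`. IDs and names are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = json.loads("""[
 {"principalName": "app-reporting", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor", "scope": "%(s)s"},
 {"principalName": "app-backup", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Reader", "scope": "%(s)s/resourceGroups/rg-backup"},
 {"principalName": "app-etl", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Storage Blob Data Reader",
  "scope": "%(s)s/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stdata01"},
 {"principalName": "admin@example.com", "principalType": "User",
  "roleDefinitionName": "Owner", "scope": "%(s)s"}
]""" % {"s": SUB})

# Assumption: built-in roles considered too broad for an app at subscription level.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

def scope_level(scope):
    """Classify an Azure scope string as subscription, resource group or resource."""
    keys = [p.lower() for p in scope.strip("/").split("/") if p]
    if len(keys) == 2 and keys[0] == "subscriptions":
        return "subscription"
    if len(keys) == 4 and keys[0] == "subscriptions" and keys[2] == "resourcegroups":
        return "resource group"
    if len(keys) > 4 and keys[0] == "subscriptions" and "providers" in keys[2:]:
        return "resource"
    return "other"  # e.g. management group or root scope

def audit(assignments):
    """Return (name, role, scope) for Service Principals with a broad subscription-wide role."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal":
            continue  # users and groups are out of scope for this check
        if scope_level(a.get("scope", "")) == "subscription" and a.get("roleDefinitionName") in BROAD_ROLES:
            findings.append((a.get("principalName"), a["roleDefinitionName"], a["scope"]))
    return findings

if __name__ == "__main__":
    for a in SAMPLE:
        print(f'{a["principalName"]:18} {a["roleDefinitionName"]:26} {scope_level(a["scope"])}')
    for name, role, scope in audit(SAMPLE):
        print(f"REVIEW: {name} holds {role} on the whole subscription {scope}")
```

A finding here is a prompt to move the assignment down to the Resource Group or Resource level, or to a narrower role.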