# Create Azure Service Principal

Creating a Service Principal in Azure and retrieving its Client ID and Secret involves several steps. Below is a detailed, step-by-step guide:


### Step 1: Log in to Azure

1. Open the Azure Portal (<https://portal.azure.com>).

2. Log in with your Azure credentials.

### Step 2: Navigate to Microsoft Entra ID (formerly Azure Active Directory)

1. In the left-hand navigation pane, select Microsoft Entra ID (older portals still label it Azure Active Directory).

2. Under the Manage section, click App registrations.

### Step 3: Register a New Application

1. Click New registration at the top of the page.

2. Fill in the required fields:

• Name: Enter a descriptive name for the Service Principal (e.g., “MyServicePrincipal”).

• Supported account types: Choose who can sign in with this application. For a Service Principal used by automation, select Accounts in this organizational directory only (single tenant); the multi-tenant options let identities from other directories use the registration.

• Redirect URI: Leave this blank. It is only needed for interactive sign-in flows, not for a Service Principal that authenticates with a client secret.

3. Click Register.

### Step 4: Retrieve the Application (Client) ID

1. Once the registration is complete, you will be redirected to the application’s overview page.

2. Note down the Application (client) ID and Directory (tenant) ID. You will need them later. Neither value is secret; the client secret created in the next step is.

### Step 5: Create a Client Secret

1. In the application’s Manage section, select Certificates & secrets.

2. Under the Client secrets tab, click New client secret.

3. Provide a description (e.g., “DefaultSecret”) and choose an expiration duration (e.g., 1 year, 2 years, or custom). Shorter lifetimes limit the exposure window if the secret leaks; record the expiry date so the secret is rotated before it lapses.

4. Click Add.

5. Copy the generated Value of the secret (not the Secret ID shown next to it). This is the Client Secret.

Note: You will not be able to view this secret again once you leave the page. Store it in a secrets manager (e.g., Azure Key Vault) rather than in source code or shared documents; if you lose it, create a new secret and delete the old one.

### Step 6: Create a Custom Role

Permissions on Azure resources such as Virtual Machines are Azure RBAC roles, which are created under Access control (IAM) of a subscription or resource group. Do not use Microsoft Entra ID > Roles and administrators: those are directory roles and cannot carry Microsoft.Compute actions.

1. Navigate to the subscription (or the resource group) that contains the resource groups the role should apply to.

2. Select Access control (IAM), then click + Add > Add custom role.

### Step 7: Define Role Details

#### 1. Basics Tab:

• Name: Enter a name like “Virtual Machine Manager Role.”

• Description: Provide a brief description, e.g., “Allows listing, getting, starting, and deallocating Virtual Machines.”

#### 2. Permissions Tab:

• Click + Add permissions.

• Search for Microsoft.Compute/virtualMachines.

• Select the following actions:

* Microsoft.Compute/virtualMachines/read
* Microsoft.Compute/virtualMachines/start/action
* Microsoft.Compute/virtualMachines/deallocate/action

Note: deallocate/action stops the VM and releases its compute allocation. If the consumer needs a stop that keeps the allocation (and its billing), add Microsoft.Compute/virtualMachines/powerOff/action instead. Do not add wildcard actions such as Microsoft.Compute/virtualMachines/*, which would also grant delete and write.

• Click Add.

#### 3. Assignable Scopes Tab:

Specify the scope where this role can be assigned. This is the most important part: the assignable scopes bound where the role, and therefore the Service Principal, can ever be granted access.

• Subscription: Use the subscription level only if the role must be assignable to every resource group and VM in it.

• Resource Group: Use the resource group level for more granular control. As a best practice, create Service Principals and roles for one to a few (1 to 2-3) Resource Groups each, to limit the blast radius if the credential is compromised.

• Click + Add Assignable Scope and select the relevant scope.

#### 4. Review and finalize the role:

• Click Review + create.

• Click Create.

### Step 8: Assign the Role to the Service Principal

1. Navigate to the resource you want the Service Principal to access (e.g., a subscription, resource group, or specific resource). It must be at or below one of the role’s assignable scopes from Step 7.

2. Go to the Access control (IAM) section of the resource.

3. Click Add > Add role assignment.

4. In the Role tab, select the Custom Role created in Step 7.

5. In the Members tab, under Assign access to, select User, group, or service principal, then click + Select members.

6. Search for the name of the Service Principal (the application name you created). A newly registered application may take a short while before it becomes searchable here.

7. Select it, click Select, and then Review + assign.
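The eight portal steps above, done with the Azure CLI instead, so the result is repeatable and reviewable. This is an added example and not part of the original page or the cloudplans.io product; it assumes the Azure CLI is installed and already logged in (`az login`) with rights to create app registrations, role definitions and role assignments, and the `SUBSCRIPTION_ID`, `RESOURCE_GROUP`, `APP_NAME` values and `/tmp` file are placeholders. Nothing contacts Azure until `AZ_APPLY=1` is set.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): Steps 1-8 as an Azure CLI script.
# Assumes `az login` has been run. SUBSCRIPTION_ID, RESOURCE_GROUP and APP_NAME
# below are placeholders to replace before running with AZ_APPLY=1.

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"  # placeholder
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-vms-prod}"                            # placeholder
APP_NAME="${APP_NAME:-MyServicePrincipal}"
ROLE_NAME="Virtual Machine Manager Role"

# Azure RBAC scope string of one resource group (Step 7, Assignable Scopes).
rg_scope() {
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# JSON for the custom role of Step 7: read, start and deallocate only, and
# assignable at the single resource group passed in (arguments: subscription, rg).
build_role_definition() {
  cat <<EOF
{
  "Name": "$ROLE_NAME",
  "IsCustom": true,
  "Description": "Allows listing, getting, starting, and deallocating Virtual Machines.",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action"
  ],
  "NotActions": [],
  "AssignableScopes": [ "$(rg_scope "$1" "$2")" ]
}
EOF
}

main() {
  set -eu
  az account set --subscription "$SUBSCRIPTION_ID"

  # Steps 3-4: register the application and create its service principal.
  app_id=$(az ad app create --display-name "$APP_NAME" --query appId -o tsv)
  az ad sp create --id "$app_id" >/dev/null
  sp_object_id=$(az ad sp show --id "$app_id" --query id -o tsv)
  tenant_id=$(az account show --query tenantId -o tsv)

  # Step 5: client secret with a one-year expiry. It is shown once; put it in a vault.
  client_secret=$(az ad app credential reset --id "$app_id" --years 1 --query password -o tsv)

  # Steps 6-7: custom Azure RBAC role, assignable only at the resource group.
  role_file=$(mktemp)
  build_role_definition "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" > "$role_file"
  az role definition create --role-definition "@$role_file" >/dev/null
  rm -f "$role_file"

  # Step 8: assign the role to the service principal at the resource group.
  az role assignment create \
    --assignee-object-id "$sp_object_id" \
    --assignee-principal-type ServicePrincipal \
    --role "$ROLE_NAME" \
    --scope "$(rg_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP")" >/dev/null

  # Check: the only assignment this principal holds should be the one above.
  az role assignment list --assignee "$app_id" --all -o table

  echo "AZURE_TENANT_ID=$tenant_id"
  echo "AZURE_CLIENT_ID=$app_id"
  echo "AZURE_CLIENT_SECRET=$client_secret"
}

# Only act when explicitly asked, so the file can be sourced and inspected safely.
if [ "${AZ_APPLY:-0}" = "1" ]; then
  main
fi
```

Run it with `AZ_APPLY=1 SUBSCRIPTION_ID=... RESOURCE_GROUP=... bash create-sp.sh`. Directory and role-definition replication can lag by a minute; if `az role assignment create` reports the role or principal as not found, wait and rerun that step. To confirm least privilege afterwards, sign in as the principal (`az login --service-principal -u <client id> -p <client secret> --tenant <tenant id>`): `az vm list -g <resource group>` should succeed, while `az vm delete` on the same VM should be refused with AuthorizationFailed.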


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudplans.io/organization/credentials/create/create-azure-service-principal.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
