Create service principals
Two pipelines will be created later: "Export" and "Plan and Apply".
A service principal is required for each pipeline.
The service principals will be used to define Service Connections in Azure DevOps, which will later be used when the extension is run.
Below is an example procedure showing how to create the "read" service principal. Repeat this procedure for each of the two service principals.
Log on to the Azure Portal
Navigate to "Azure Active Directory"
Select "App registrations" from the menu
Select "+ New registration"
Enter a name for the service principal, e.g. sp_rbac_pipeline_read
Select "Register"
Select "Certificates & secrets" from the menu for the newly registered application and create a secret or key for use later.
In this example a secret is created.
Ensure you capture the secret on creation as it won't be available later.
Select "API permissions" from the menu for the newly registered application
Add the following "Microsoft Graph" permissions:
- Application.Read.All
- Group.Read.All
- User.Read.All
- User.Read (Should be added already as a default)
Once added, grant admin consent for your organisation.
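
To confirm that a service principal created with the procedure above requests exactly the four listed permissions and nothing more, the following added example (not part of the original procedure or of the extension) audits the `requiredResourceAccess` array of the app registration, as returned by `az ad app show --id <appId> --query requiredResourceAccess`. It assumes the three `*.Read.All` permissions were added as application permissions and `User.Read` as the default delegated permission; the function name and sample data are constructed for illustration.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

# Permission IDs for the four permissions listed above. Assumption: the
# *.Read.All entries are application permissions ("Role"); User.Read is the
# default delegated permission ("Scope").
EXPECTED = {
    ("9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30", "Role"): "Application.Read.All",
    ("5b567255-7703-4780-807c-7be8301ae99b", "Role"): "Group.Read.All",
    ("df021288-bdef-4463-88db-98f22de89214", "Role"): "User.Read.All",
    ("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"): "User.Read",
}


def audit_permissions(required_resource_access):
    """Compare an app registration's requiredResourceAccess with EXPECTED.

    Returns (missing, unexpected): names of expected permissions that were not
    requested, and (resourceAppId, id, type) tuples for anything beyond the list.
    """
    seen, unexpected = set(), []
    for resource in required_resource_access:
        app_id = resource.get("resourceAppId")
        for access in resource.get("resourceAccess", []):
            key = (access.get("id"), access.get("type"))
            if app_id == GRAPH_APP_ID and key in EXPECTED:
                seen.add(key)
            else:
                unexpected.append((app_id, *key))
    missing = sorted(name for key, name in EXPECTED.items() if key not in seen)
    return missing, unexpected


# Constructed sample: Group.Read.All is absent and one extra, unrecognised
# permission (placeholder GUID) has been requested.
SAMPLE = json.loads("""
[{"resourceAppId": "00000003-0000-0000-c000-000000000000",
  "resourceAccess": [
    {"id": "9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30", "type": "Role"},
    {"id": "df021288-bdef-4463-88db-98f22de89214", "type": "Role"},
    {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
    {"id": "11111111-2222-3333-4444-555555555555", "type": "Role"}
  ]}]
""")

if __name__ == "__main__":
    missing, unexpected = audit_permissions(SAMPLE)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

`requiredResourceAccess` lists what the application requests; it does not show whether admin consent has been granted, so that step still needs to be checked separately.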