docs/topics/identity.md (28 additions, 1 deletion)
@@ -8,7 +8,34 @@ This feature is used to create nodes which have an identity provisioned onto the
8
8
All identities used in Azure are owned by Azure Active Directory (AAD). An identity, or principal, in AAD will provide the basis for each of the flavors of identities we will describe.
9
9
10
10
### Service Principal
11
-
A service principal is an identity in AAD which is described by a TenantID, ClientID, and ClientSecret. The set of these three values will enable the holder to exchange the values for a JWT token to communicate with Azure. The values are normally stored in a file or environment variables. The user generally creates a service principal, saves the credentials, and then uses the credentials in applications.
11
+
A service principal is an identity in AAD which is described by a TenantID, ClientID, and ClientSecret. The set of these three values will enable the holder to exchange the values for a JWT token to communicate with Azure. The values are normally stored in a file or environment variables. The user generally creates a service principal, saves the credentials, and then uses the credentials in applications. You can read more about
12
+
Service Principals and AD Applications: ["Application and service principal objects in Azure Active Directory"](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/).
13
+
14
+
#### Creating a Service Principal
15
+
16
+
***With the [Azure CLI](https://github.com/Azure/azure-cli)**
17
+
18
+
* Subscription level scope
19
+
```shell
20
+
az login
21
+
az account set --subscription="${AZURE_SUBSCRIPTION_ID}"
22
+
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/${AZURE_SUBSCRIPTION_ID}"
23
+
```
24
+
* Resource group level scope
25
+
```shell
26
+
az login
27
+
az account set --subscription="${AZURE_SUBSCRIPTION_ID}"
28
+
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${AZURE_RESOURCE_GROUP}"
29
+
```
30
+
31
+
This will output your `appId`, `password`, `name`, and `tenant`. The `name` or `appId` is used for the `AZURE_CLIENT_ID` and the `password` is used for`AZURE_CLIENT_SECRET`.
32
+
33
+
Confirm your service principal by opening a new shell and run the following commands substituting in`name`, `password`, and `tenant`:
34
+
35
+
```shell
36
+
az login --service-principal -u NAME -p PASSWORD --tenant TENANT
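Review bot: Both `az ad sp create-for-rbac` examples in this hunk (the subscription-scoped one with `--scopes="/subscriptions/${AZURE_SUBSCRIPTION_ID}"` and the resource-group-scoped one) assign `--role="Owner"`, which gives the service principal full control of everything in scope, including the right to grant roles to other principals; the doc should either use a narrower built-in role such as `Contributor` or state why Owner is required, and it should present the resource-group scope as the default rather than listing the subscription scope first. Two markdown nits in the same hunk: `***With the [Azure CLI](...)**` has unbalanced asterisks (three opening, two closing) and will not render as intended, and the added lines "used for`AZURE_CLIENT_SECRET`" and "substituting in`name`" are missing the space before the opening backtick. Finally, the verification command `az login --service-principal -u NAME -p PASSWORD --tenant TENANT` puts the client secret on the command line, where it lands in shell history; since the paragraph above already says these values are normally kept in environment variables, a sentence suggesting `-p "$AZURE_CLIENT_SECRET"` (or clearing history afterwards) would be consistent with the rest of the page.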