
Azure AD & Service Principal Cheatsheet: Create, Manage, and Troubleshoot

Introduction

This cheatsheet is aimed at DevOps professionals using Azure AD. It covers commands for creating, managing, and troubleshooting service principals and their role assignments.

Commands

1. Create Service Principal

az ad sp create-for-rbac --name <appName> --role Contributor --scopes /subscriptions/<subscriptionId>

Note: this command prints the new client secret in clear text, so run it where the output is not logged, and store the secret in a vault rather than in shell history or a pipeline log. Contributor on a whole subscription is a broad grant; scope the SP to a resource group (/subscriptions/<subscriptionId>/resourceGroups/<rgName>) and choose the narrowest built-in role the workload needs.
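A script form of the create step, added here as an example and not part of the cheatsheet: it validates the subscription id, builds a resource-group scope, defaults the role to Reader, and captures the secret into an environment variable instead of printing it. It assumes the Azure CLI is installed and logged in; the function names (sp_scope, json_field, create_sp) and the sample JSON are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the cheatsheet: create a service principal with a
# narrow scope and capture the output without putting the client secret on
# the terminal or in shell history. Assumes the Azure CLI ("az") is installed
# and already logged in; the sample JSON below is constructed to match the
# shape "az ad sp create-for-rbac --output json" prints.
set -eu

# Build the RBAC scope string; a resource-group scope is preferred over a whole
# subscription. The subscription id is validated as a GUID first.
sp_scope() {
  sub="$1"; rg="${2:-}"
  if ! printf '%s' "$sub" | grep -Eqi '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'; then
    echo "sp_scope: '$sub' is not a subscription id (GUID)" >&2
    return 1
  fi
  if [ -n "$rg" ]; then
    printf '/subscriptions/%s/resourceGroups/%s\n' "$sub" "$rg"
  else
    printf '/subscriptions/%s\n' "$sub"
  fi
}

# Pull one top-level string field out of az's pretty-printed JSON with sed,
# so the script has no jq dependency. Prints nothing if the field is absent.
json_field() {
  printf '%s\n' "$1" | sed -n "s/^[[:space:]]*\"$2\":[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Create the SP and keep the secret only in AZ_CLIENT_SECRET. Only the
# non-secret fields are printed; the role defaults to Reader rather than
# Contributor so the caller has to opt in to write access.
create_sp() {
  name="$1"; scope="$2"; role="${3:-Reader}"
  out=$(az ad sp create-for-rbac --name "$name" --role "$role" --scopes "$scope" --output json)
  AZ_APP_ID=$(json_field "$out" appId)
  AZ_TENANT=$(json_field "$out" tenant)
  AZ_CLIENT_SECRET=$(json_field "$out" password)
  export AZ_APP_ID AZ_TENANT AZ_CLIENT_SECRET
  echo "appId=$AZ_APP_ID tenant=$AZ_TENANT secret=<in \$AZ_CLIENT_SECRET, not printed>"
}

# Constructed sample of az's output (placeholder values, not real credentials).
SAMPLE_JSON='{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "demo-sp",
  "password": "constructed-placeholder-secret",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}'

# Usage: sh create-sp.sh --run <appName> <subscriptionId> [resourceGroup] [role]
if [ "${1:-}" = "--run" ]; then
  scope=$(sp_scope "$3" "${4:-}")
  create_sp "$2" "$scope" "${5:-Reader}"
fi
```

Run it with --run to create a real SP; without arguments it only defines the helpers, which is what lets the parsing be exercised against the constructed sample offline. A CI job would pass AZ_CLIENT_SECRET on to a vault write rather than echoing it.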

2. List Service Principals

az ad sp list --filter "displayName eq '<appName>'" --output table

3. Show Service Principal Details

az ad sp show --id <servicePrincipalId>

4. Delete Service Principal

az ad sp delete --id <servicePrincipalId>

5. Reset SP Credentials

az ad sp credential reset --id <appId> --display-name "NewCred" --end-date "2025-01-01"

Note: Azure CLI versions before 2.37 used --name <appName> and --credential-description for the same options. Resetting replaces the existing secret unless --append is given, so rotate the consumer first or use --append and delete the old credential afterwards; keep the --end-date short enough that an unrotated secret expires on its own.

6. List Role Assignments for SP

az role assignment list --assignee <servicePrincipalId> --output table

Note: without further options only assignments at the subscription scope are shown. Add --all to include resource-group and resource scopes, and --include-inherited to see assignments inherited from management groups.

7. Assign Role to SP

az role assignment create --assignee <servicePrincipalId> --role Reader --scope /subscriptions/<subscriptionId>

Note: if this fails with "principal does not exist" right after creating the SP, the directory object has not replicated yet. Passing --assignee-object-id <objectId> --assignee-principal-type ServicePrincipal instead of --assignee skips the Graph lookup and avoids that race.

8. Remove Role from SP

az role assignment delete --assignee <servicePrincipalId> --role Reader --scope /subscriptions/<subscriptionId>

9. Troubleshoot SP Login Issues

az login --service-principal --username <appId> --password <passwordOrCert> --tenant <tenantId>

Note: --username takes the application (client) ID, not the service principal's object ID; mixing them up is the most common cause of an AADSTS login failure. If authentication succeeds but az reports no subscriptions, the SP has no role assignment yet; add --allow-no-subscriptions to confirm that the credential itself works, then assign a role.

10. Verify Effective Permissions

az role assignment list --assignee <servicePrincipalId> --query "[].{Role:roleDefinitionName, Scope:scope}" --output table
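The verification step above lists what an SP holds but leaves the judgement to the reader. The following script, added here as an example and not part of the cheatsheet, takes that list (as the TSV printed by the same command with --query '[].[roleDefinitionName, scope]' --output tsv) and flags assignments that are broader than a workload normally needs. The function names (audit_assignments, count_findings), the role list and the sample assignments are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the cheatsheet: review a service principal's role
# assignments and flag the ones that are broader than a workload usually needs.
# Input is the TSV printed by
#   az role assignment list --assignee <id> --all \
#     --query '[].[roleDefinitionName, scope]' --output tsv
# The sample below is constructed so the check runs without the Azure CLI.
set -eu

# Roles that grant write rights over everything inside their scope.
PRIVILEGED_ROLES='Owner|Contributor|Role Based Access Control Administrator'

# Reads "role<TAB>scope" lines on stdin and prints one "role<TAB>scope<TAB>reason"
# line per finding. Exit status 0 when something was flagged, 1 otherwise.
audit_assignments() {
  findings=0
  tab=$(printf '\t')
  while IFS="$tab" read -r role scope; do
    [ -n "$role" ] || continue
    reason=""
    # Owner and User Access Administrator can hand out further access, so
    # they are flagged at any scope.
    case "$role" in
      Owner|"User Access Administrator") reason="role can grant access to other principals" ;;
    esac
    # Other privileged roles are acceptable on a resource group or resource
    # but flagged at subscription, management-group or root scope.
    if [ -z "$reason" ] && printf '%s' "$role" | grep -Eqx "$PRIVILEGED_ROLES"; then
      case "$scope" in
        /subscriptions/*/*) ;;
        /subscriptions/*) reason="privileged role at subscription scope" ;;
        /providers/Microsoft.Management/managementGroups/*) reason="privileged role at management-group scope" ;;
        /) reason="privileged role at root scope" ;;
      esac
    fi
    if [ -n "$reason" ]; then
      printf '%s\t%s\t%s\n' "$role" "$scope" "$reason"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -gt 0 ]
}

# Convenience wrapper that returns only the number of findings.
count_findings() {
  printf '%s\n' "$1" | audit_assignments | wc -l | tr -d ' '
}

# Constructed sample (placeholder subscription id, not a real one).
SUB_ID='11111111-2222-3333-4444-555555555555'
SAMPLE_ASSIGNMENTS=$(printf '%s\t%s\n' \
  'Contributor'              "/subscriptions/$SUB_ID" \
  'Reader'                   "/subscriptions/$SUB_ID/resourceGroups/app-rg" \
  'Owner'                    "/subscriptions/$SUB_ID/resourceGroups/app-rg" \
  'Storage Blob Data Reader' "/subscriptions/$SUB_ID/resourceGroups/app-rg/providers/Microsoft.Storage/storageAccounts/demo")

# Usage: sh audit-sp.sh --assignee <servicePrincipalId>   (needs az, logged in)
#        sh audit-sp.sh                                   (runs on the sample)
if [ "${1:-}" = "--assignee" ] && [ -n "${2:-}" ]; then
  az role assignment list --assignee "$2" --all \
    --query '[].[roleDefinitionName, scope]' --output tsv | audit_assignments || echo "no findings"
else
  printf '%s\n' "$SAMPLE_ASSIGNMENTS" | audit_assignments || echo "no findings"
fi
```

On the sample the script reports two findings: Contributor at subscription scope and Owner on the resource group; Reader and the data-plane role on a single storage account pass. The non-zero exit status when nothing is flagged is deliberate so the script can gate a pipeline either way.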