1. Packages
  2. Azure Active Directory (Azure AD)
  3. API Docs
  4. getServicePrincipal
Azure Active Directory (Azure AD) v5.47.1 published on Friday, Feb 9, 2024 by Pulumi

azuread.getServicePrincipal

Explore with Pulumi AI

azuread logo
Azure Active Directory (Azure AD) v5.47.1 published on Friday, Feb 9, 2024 by Pulumi

    Gets information about an existing service principal associated with an application within Azure Active Directory.

    API Permissions

    The following API permissions are required in order to use this data source.

    When authenticated with a service principal, this data source requires one of the following application roles: Application.Read.All or Directory.Read.All

    When authenticated with a user principal, this data source does not require any additional roles.

    Example Usage

    Look up by application display name

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var example = AzureAD.GetServicePrincipal.Invoke(new()
        {
            DisplayName = "my-awesome-application",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
    			DisplayName: pulumi.StringRef("my-awesome-application"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.AzureadFunctions;
    import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
                .displayName("my-awesome-application")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    
    example = azuread.get_service_principal(display_name="my-awesome-application")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    const example = azuread.getServicePrincipal({
        displayName: "my-awesome-application",
    });
    
    variables:
      example:
        fn::invoke:
          Function: azuread:getServicePrincipal
          Arguments:
            displayName: my-awesome-application
    

    Look up by client ID

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var example = AzureAD.GetServicePrincipal.Invoke(new()
        {
            ClientId = "00000000-0000-0000-0000-000000000000",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
    			ClientId: pulumi.StringRef("00000000-0000-0000-0000-000000000000"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.AzureadFunctions;
    import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
                .clientId("00000000-0000-0000-0000-000000000000")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    
    example = azuread.get_service_principal(client_id="00000000-0000-0000-0000-000000000000")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    const example = azuread.getServicePrincipal({
        clientId: "00000000-0000-0000-0000-000000000000",
    });
    
    variables:
      example:
        fn::invoke:
          Function: azuread:getServicePrincipal
          Arguments:
            clientId: 00000000-0000-0000-0000-000000000000
    

    Look up by service principal object ID

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var example = AzureAD.GetServicePrincipal.Invoke(new()
        {
            ObjectId = "00000000-0000-0000-0000-000000000000",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
    			ObjectId: pulumi.StringRef("00000000-0000-0000-0000-000000000000"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.AzureadFunctions;
    import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
                .objectId("00000000-0000-0000-0000-000000000000")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    
    example = azuread.get_service_principal(object_id="00000000-0000-0000-0000-000000000000")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    const example = azuread.getServicePrincipal({
        objectId: "00000000-0000-0000-0000-000000000000",
    });
    
    variables:
      example:
        fn::invoke:
          Function: azuread:getServicePrincipal
          Arguments:
            objectId: 00000000-0000-0000-0000-000000000000
    

    Using getServicePrincipal

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getServicePrincipal(args: GetServicePrincipalArgs, opts?: InvokeOptions): Promise<GetServicePrincipalResult>
    function getServicePrincipalOutput(args: GetServicePrincipalOutputArgs, opts?: InvokeOptions): Output<GetServicePrincipalResult>
    def get_service_principal(application_id: Optional[str] = None,
                              client_id: Optional[str] = None,
                              display_name: Optional[str] = None,
                              object_id: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetServicePrincipalResult
    def get_service_principal_output(application_id: Optional[pulumi.Input[str]] = None,
                              client_id: Optional[pulumi.Input[str]] = None,
                              display_name: Optional[pulumi.Input[str]] = None,
                              object_id: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetServicePrincipalResult]
    func LookupServicePrincipal(ctx *Context, args *LookupServicePrincipalArgs, opts ...InvokeOption) (*LookupServicePrincipalResult, error)
    func LookupServicePrincipalOutput(ctx *Context, args *LookupServicePrincipalOutputArgs, opts ...InvokeOption) LookupServicePrincipalResultOutput

    > Note: This function is named LookupServicePrincipal in the Go SDK.

    public static class GetServicePrincipal 
    {
        public static Task<GetServicePrincipalResult> InvokeAsync(GetServicePrincipalArgs args, InvokeOptions? opts = null)
        public static Output<GetServicePrincipalResult> Invoke(GetServicePrincipalInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetServicePrincipalResult> getServicePrincipal(GetServicePrincipalArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azuread:index/getServicePrincipal:getServicePrincipal
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ApplicationId string

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    ClientId string
    The client ID of the application associated with this service principal.
    DisplayName string
    The display name of the application associated with this service principal.
    ObjectId string

    The object ID of the service principal.

    One of client_id, display_name or object_id must be specified.

    ApplicationId string

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    ClientId string
    The client ID of the application associated with this service principal.
    DisplayName string
    The display name of the application associated with this service principal.
    ObjectId string

    The object ID of the service principal.

    One of client_id, display_name or object_id must be specified.

    applicationId String

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    clientId String
    The client ID of the application associated with this service principal.
    displayName String
    The display name of the application associated with this service principal.
    objectId String

    The object ID of the service principal.

    One of client_id, display_name or object_id must be specified.

    applicationId string

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    clientId string
    The client ID of the application associated with this service principal.
    displayName string
    The display name of the application associated with this service principal.
    objectId string

    The object ID of the service principal.

    One of client_id, display_name or object_id must be specified.

    application_id str

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    client_id str
    The client ID of the application associated with this service principal.
    display_name str
    The display name of the application associated with this service principal.
    object_id str

    The object ID of the service principal.

    One of client_id, display_name or object_id must be specified.

    applicationId String

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    clientId String
    The client ID of the application associated with this service principal.
    displayName String
    The display name of the application associated with this service principal.
    objectId String

    The object ID of the service principal.

    One of client_id, display_name or object_id must be specified.

    getServicePrincipal Result

    The following output properties are available:

    AccountEnabled bool
    Whether the service principal account is enabled.
    AlternativeNames List<string>
    A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
    AppRoleAssignmentRequired bool
    Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
    AppRoleIds Dictionary<string, string>
    A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
    AppRoles List<Pulumi.AzureAD.Outputs.GetServicePrincipalAppRole>
    A list of app roles published by the associated application, as documented below. For more information official documentation.
    ApplicationId string

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    ApplicationTenantId string
    The tenant ID where the associated application is registered.
    ClientId string
    The client ID of the application associated with this service principal.
    Description string
    Permission help text that appears in the admin app assignment and consent experiences.
    DisplayName string
    Display name for the permission that appears in the admin consent and app assignment experiences.
    FeatureTags List<Pulumi.AzureAD.Outputs.GetServicePrincipalFeatureTag>
    Features List<Pulumi.AzureAD.Outputs.GetServicePrincipalFeature>
    A features block as described below.

    Deprecated:This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

    HomepageUrl string
    Home page or landing page of the associated application.
    Id string
    The provider-assigned unique ID for this managed resource.
    LoginUrl string
    The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
    LogoutUrl string
    The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
    Notes string
    A free text field to capture information about the service principal, typically used for operational purposes.
    NotificationEmailAddresses List<string>
    A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
    Oauth2PermissionScopeIds Dictionary<string, string>
    A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
    Oauth2PermissionScopes List<Pulumi.AzureAD.Outputs.GetServicePrincipalOauth2PermissionScope>
    A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an oauth2_permission_scopes block as documented below.
    ObjectId string
    The object ID of the service principal.
    PreferredSingleSignOnMode string
    The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
    RedirectUris List<string>
    A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
    SamlMetadataUrl string
    The URL where the service exposes SAML metadata for federation.
    SamlSingleSignOns List<Pulumi.AzureAD.Outputs.GetServicePrincipalSamlSingleSignOn>
    A saml_single_sign_on block as documented below.
    ServicePrincipalNames List<string>
    A list of identifier URI(s), copied over from the associated application.
    SignInAudience string
    The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
    Tags List<string>
    A list of tags applied to the service principal.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    AccountEnabled bool
    Whether the service principal account is enabled.
    AlternativeNames []string
    A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
    AppRoleAssignmentRequired bool
    Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
    AppRoleIds map[string]string
    A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
    AppRoles []GetServicePrincipalAppRole
    A list of app roles published by the associated application, as documented below. For more information official documentation.
    ApplicationId string

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    ApplicationTenantId string
    The tenant ID where the associated application is registered.
    ClientId string
    The client ID of the application associated with this service principal.
    Description string
    Permission help text that appears in the admin app assignment and consent experiences.
    DisplayName string
    Display name for the permission that appears in the admin consent and app assignment experiences.
    FeatureTags []GetServicePrincipalFeatureTag
    Features []GetServicePrincipalFeature
    A features block as described below.

    Deprecated:This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

    HomepageUrl string
    Home page or landing page of the associated application.
    Id string
    The provider-assigned unique ID for this managed resource.
    LoginUrl string
    The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
    LogoutUrl string
    The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
    Notes string
    A free text field to capture information about the service principal, typically used for operational purposes.
    NotificationEmailAddresses []string
    A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
    Oauth2PermissionScopeIds map[string]string
    A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
    Oauth2PermissionScopes []GetServicePrincipalOauth2PermissionScope
    A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an oauth2_permission_scopes block as documented below.
    ObjectId string
    The object ID of the service principal.
    PreferredSingleSignOnMode string
    The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
    RedirectUris []string
    A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
    SamlMetadataUrl string
    The URL where the service exposes SAML metadata for federation.
    SamlSingleSignOns []GetServicePrincipalSamlSingleSignOn
    A saml_single_sign_on block as documented below.
    ServicePrincipalNames []string
    A list of identifier URI(s), copied over from the associated application.
    SignInAudience string
    The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
    Tags []string
    A list of tags applied to the service principal.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    accountEnabled Boolean
    Whether the service principal account is enabled.
    alternativeNames List<String>
    A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
    appRoleAssignmentRequired Boolean
    Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
    appRoleIds Map<String,String>
    A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
    appRoles List<GetServicePrincipalAppRole>
    A list of app roles published by the associated application, as documented below. For more information official documentation.
    applicationId String

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    applicationTenantId String
    The tenant ID where the associated application is registered.
    clientId String
    The client ID of the application associated with this service principal.
    description String
    Permission help text that appears in the admin app assignment and consent experiences.
    displayName String
    Display name for the permission that appears in the admin consent and app assignment experiences.
    featureTags List<GetServicePrincipalFeatureTag>
    features List<GetServicePrincipalFeature>
    A features block as described below.

    Deprecated:This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

    homepageUrl String
    Home page or landing page of the associated application.
    id String
    The provider-assigned unique ID for this managed resource.
    loginUrl String
    The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
    logoutUrl String
    The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
    notes String
    A free text field to capture information about the service principal, typically used for operational purposes.
    notificationEmailAddresses List<String>
    A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
    oauth2PermissionScopeIds Map<String,String>
    A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2PermissionScopes List<GetServicePrincipalOauth2PermissionScope>
    A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an oauth2_permission_scopes block as documented below.
    objectId String
    The object ID of the service principal.
    preferredSingleSignOnMode String
    The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
    redirectUris List<String>
    A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
    samlMetadataUrl String
    The URL where the service exposes SAML metadata for federation.
    samlSingleSignOns List<GetServicePrincipalSamlSingleSignOn>
    A saml_single_sign_on block as documented below.
    servicePrincipalNames List<String>
    A list of identifier URI(s), copied over from the associated application.
    signInAudience String
    The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
    tags List<String>
    A list of tags applied to the service principal.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    accountEnabled boolean
    Whether the service principal account is enabled.
    alternativeNames string[]
    A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
    appRoleAssignmentRequired boolean
    Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
    appRoleIds {[key: string]: string}
    A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
    appRoles GetServicePrincipalAppRole[]
    A list of app roles published by the associated application, as documented below. For more information official documentation.
    applicationId string

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    applicationTenantId string
    The tenant ID where the associated application is registered.
    clientId string
    The client ID of the application associated with this service principal.
    description string
    Permission help text that appears in the admin app assignment and consent experiences.
    displayName string
    Display name for the permission that appears in the admin consent and app assignment experiences.
    featureTags GetServicePrincipalFeatureTag[]
    features GetServicePrincipalFeature[]
    A features block as described below.

    Deprecated:This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

    homepageUrl string
    Home page or landing page of the associated application.
    id string
    The provider-assigned unique ID for this managed resource.
    loginUrl string
    The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
    logoutUrl string
    The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
    notes string
    A free text field to capture information about the service principal, typically used for operational purposes.
    notificationEmailAddresses string[]
    A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
    oauth2PermissionScopeIds {[key: string]: string}
    A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2PermissionScopes GetServicePrincipalOauth2PermissionScope[]
    A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an oauth2_permission_scopes block as documented below.
    objectId string
    The object ID of the service principal.
    preferredSingleSignOnMode string
    The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
    redirectUris string[]
    A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
    samlMetadataUrl string
    The URL where the service exposes SAML metadata for federation.
    samlSingleSignOns GetServicePrincipalSamlSingleSignOn[]
    A saml_single_sign_on block as documented below.
    servicePrincipalNames string[]
    A list of identifier URI(s), copied over from the associated application.
    signInAudience string
    The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
    tags string[]
    A list of tags applied to the service principal.
    type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    account_enabled bool
    Whether the service principal account is enabled.
    alternative_names Sequence[str]
    A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
    app_role_assignment_required bool
    Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
    app_role_ids Mapping[str, str]
    A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
    app_roles Sequence[GetServicePrincipalAppRole]
    A list of app roles published by the associated application, as documented below. For more information official documentation.
    application_id str

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    application_tenant_id str
    The tenant ID where the associated application is registered.
    client_id str
    The client ID of the application associated with this service principal.
    description str
    Permission help text that appears in the admin app assignment and consent experiences.
    display_name str
    Display name for the permission that appears in the admin consent and app assignment experiences.
    feature_tags Sequence[GetServicePrincipalFeatureTag]
    features Sequence[GetServicePrincipalFeature]
    A features block as described below.

    Deprecated:This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

    homepage_url str
    Home page or landing page of the associated application.
    id str
    The provider-assigned unique ID for this managed resource.
    login_url str
    The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
    logout_url str
    The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
    notes str
    A free text field to capture information about the service principal, typically used for operational purposes.
    notification_email_addresses Sequence[str]
    A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
    oauth2_permission_scope_ids Mapping[str, str]
    A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2_permission_scopes Sequence[GetServicePrincipalOauth2PermissionScope]
    A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an oauth2_permission_scopes block as documented below.
    object_id str
    The object ID of the service principal.
    preferred_single_sign_on_mode str
    The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
    redirect_uris Sequence[str]
    A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
    saml_metadata_url str
    The URL where the service exposes SAML metadata for federation.
    saml_single_sign_ons Sequence[GetServicePrincipalSamlSingleSignOn]
    A saml_single_sign_on block as documented below.
    service_principal_names Sequence[str]
    A list of identifier URI(s), copied over from the associated application.
    sign_in_audience str
    The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
    tags Sequence[str]
    A list of tags applied to the service principal.
    type str
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    accountEnabled Boolean
    Whether the service principal account is enabled.
    alternativeNames List<String>
    A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
    appRoleAssignmentRequired Boolean
    Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
    appRoleIds Map<String>
    A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
    appRoles List<Property Map>
    A list of app roles published by the associated application, as documented below. For more information official documentation.
    applicationId String

    Deprecated:The application_id property has been replaced with the client_id property and will be removed in version 3.0 of the AzureAD provider

    applicationTenantId String
    The tenant ID where the associated application is registered.
    clientId String
    The client ID of the application associated with this service principal.
    description String
    Permission help text that appears in the admin app assignment and consent experiences.
    displayName String
    Display name for the permission that appears in the admin consent and app assignment experiences.
    featureTags List<Property Map>
    features List<Property Map>
    A features block as described below.

    Deprecated:This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

    homepageUrl String
    Home page or landing page of the associated application.
    id String
    The provider-assigned unique ID for this managed resource.
    loginUrl String
    The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
    logoutUrl String
    The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
    notes String
    A free text field to capture information about the service principal, typically used for operational purposes.
    notificationEmailAddresses List<String>
    A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
    oauth2PermissionScopeIds Map<String>
    A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
    oauth2PermissionScopes List<Property Map>
    A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an oauth2_permission_scopes block as documented below.
    objectId String
    The object ID of the service principal.
    preferredSingleSignOnMode String
    The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
    redirectUris List<String>
    A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
    samlMetadataUrl String
    The URL where the service exposes SAML metadata for federation.
    samlSingleSignOns List<Property Map>
    A saml_single_sign_on block as documented below.
    servicePrincipalNames List<String>
    A list of identifier URI(s), copied over from the associated application.
    signInAudience String
    The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
    tags List<String>
    A list of tags applied to the service principal.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

    Supporting Types

    GetServicePrincipalAppRole

    AllowedMemberTypes List<string>
    Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: User and Application, or both.
    Description string
    Permission help text that appears in the admin app assignment and consent experiences.
    DisplayName string
    The display name of the application associated with this service principal.
    Enabled bool
    Determines if the permission scope is enabled.
    Id string
    The unique identifier of the delegated permission. Must be a valid UUID.
    Value string
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    AllowedMemberTypes []string
    Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: User and Application, or both.
    Description string
    Permission help text that appears in the admin app assignment and consent experiences.
    DisplayName string
    The display name of the application associated with this service principal.
    Enabled bool
    Determines if the permission scope is enabled.
    Id string
    The unique identifier of the delegated permission. Must be a valid UUID.
    Value string
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    allowedMemberTypes List<String>
    Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: User and Application, or both.
    description String
    Permission help text that appears in the admin app assignment and consent experiences.
    displayName String
    The display name of the application associated with this service principal.
    enabled Boolean
    Determines if the permission scope is enabled.
    id String
    The unique identifier of the delegated permission. Must be a valid UUID.
    value String
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    allowedMemberTypes string[]
    Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: User and Application, or both.
    description string
    Permission help text that appears in the admin app assignment and consent experiences.
    displayName string
    The display name of the application associated with this service principal.
    enabled boolean
    Determines if the permission scope is enabled.
    id string
    The unique identifier of the delegated permission. Must be a valid UUID.
    value string
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    allowed_member_types Sequence[str]
    Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: User and Application, or both.
    description str
    Permission help text that appears in the admin app assignment and consent experiences.
    display_name str
    The display name of the application associated with this service principal.
    enabled bool
    Determines if the permission scope is enabled.
    id str
    The unique identifier of the delegated permission. Must be a valid UUID.
    value str
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    allowedMemberTypes List<String>
    Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: User and Application, or both.
    description String
    Permission help text that appears in the admin app assignment and consent experiences.
    displayName String
    The display name of the application associated with this service principal.
    enabled Boolean
    Determines if the permission scope is enabled.
    id String
    The unique identifier of the delegated permission. Must be a valid UUID.
    value String
    The value that is used for the scp claim in OAuth 2.0 access tokens.

    GetServicePrincipalFeature

    CustomSingleSignOnApp bool
    Whether this service principal represents a custom SAML application.
    EnterpriseApplication bool
    Whether this service principal represents an Enterprise Application.
    GalleryApplication bool
    Whether this service principal represents a gallery application.
    VisibleToUsers bool
    Whether this app is visible to users in My Apps and Office 365 Launcher.
    CustomSingleSignOnApp bool
    Whether this service principal represents a custom SAML application.
    EnterpriseApplication bool
    Whether this service principal represents an Enterprise Application.
    GalleryApplication bool
    Whether this service principal represents a gallery application.
    VisibleToUsers bool
    Whether this app is visible to users in My Apps and Office 365 Launcher.
    customSingleSignOnApp Boolean
    Whether this service principal represents a custom SAML application.
    enterpriseApplication Boolean
    Whether this service principal represents an Enterprise Application.
    galleryApplication Boolean
    Whether this service principal represents a gallery application.
    visibleToUsers Boolean
    Whether this app is visible to users in My Apps and Office 365 Launcher.
    customSingleSignOnApp boolean
    Whether this service principal represents a custom SAML application.
    enterpriseApplication boolean
    Whether this service principal represents an Enterprise Application.
    galleryApplication boolean
    Whether this service principal represents a gallery application.
    visibleToUsers boolean
    Whether this app is visible to users in My Apps and Office 365 Launcher.
    custom_single_sign_on_app bool
    Whether this service principal represents a custom SAML application.
    enterprise_application bool
    Whether this service principal represents an Enterprise Application.
    gallery_application bool
    Whether this service principal represents a gallery application.
    visible_to_users bool
    Whether this app is visible to users in My Apps and Office 365 Launcher.
    customSingleSignOnApp Boolean
    Whether this service principal represents a custom SAML application.
    enterpriseApplication Boolean
    Whether this service principal represents an Enterprise Application.
    galleryApplication Boolean
    Whether this service principal represents a gallery application.
    visibleToUsers Boolean
    Whether this app is visible to users in My Apps and Office 365 Launcher.

    GetServicePrincipalFeatureTag

    CustomSingleSignOn bool
    Whether this service principal represents a custom SAML application
    Enterprise bool
    Whether this service principal represents an Enterprise Application
    Gallery bool
    Whether this service principal represents a gallery application
    Hide bool
    Whether this app is invisible to users in My Apps and Office 365 Launcher
    CustomSingleSignOn bool
    Whether this service principal represents a custom SAML application
    Enterprise bool
    Whether this service principal represents an Enterprise Application
    Gallery bool
    Whether this service principal represents a gallery application
    Hide bool
    Whether this app is invisible to users in My Apps and Office 365 Launcher
    customSingleSignOn Boolean
    Whether this service principal represents a custom SAML application
    enterprise Boolean
    Whether this service principal represents an Enterprise Application
    gallery Boolean
    Whether this service principal represents a gallery application
    hide Boolean
    Whether this app is invisible to users in My Apps and Office 365 Launcher
    customSingleSignOn boolean
    Whether this service principal represents a custom SAML application
    enterprise boolean
    Whether this service principal represents an Enterprise Application
    gallery boolean
    Whether this service principal represents a gallery application
    hide boolean
    Whether this app is invisible to users in My Apps and Office 365 Launcher
    custom_single_sign_on bool
    Whether this service principal represents a custom SAML application
    enterprise bool
    Whether this service principal represents an Enterprise Application
    gallery bool
    Whether this service principal represents a gallery application
    hide bool
    Whether this app is invisible to users in My Apps and Office 365 Launcher
    customSingleSignOn Boolean
    Whether this service principal represents a custom SAML application
    enterprise Boolean
    Whether this service principal represents an Enterprise Application
    gallery Boolean
    Whether this service principal represents a gallery application
    hide Boolean
    Whether this app is invisible to users in My Apps and Office 365 Launcher

    GetServicePrincipalOauth2PermissionScope

    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    Enabled bool
    Determines if the permission scope is enabled.
    Id string
    The unique identifier of the delegated permission. Must be a valid UUID.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    Value string
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    Enabled bool
    Determines if the permission scope is enabled.
    Id string
    The unique identifier of the delegated permission. Must be a valid UUID.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    Value string
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled Boolean
    Determines if the permission scope is enabled.
    id String
    The unique identifier of the delegated permission. Must be a valid UUID.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience.
    value String
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    adminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled boolean
    Determines if the permission scope is enabled.
    id string
    The unique identifier of the delegated permission. Must be a valid UUID.
    type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    userConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    value string
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    admin_consent_description str
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    admin_consent_display_name str
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled bool
    Determines if the permission scope is enabled.
    id str
    The unique identifier of the delegated permission. Must be a valid UUID.
    type str
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    user_consent_description str
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    user_consent_display_name str
    Display name for the delegated permission that appears in the end user consent experience.
    value str
    The value that is used for the scp claim in OAuth 2.0 access tokens.
    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    enabled Boolean
    Determines if the permission scope is enabled.
    id String
    The unique identifier of the delegated permission. Must be a valid UUID.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience.
    value String
    The value that is used for the scp claim in OAuth 2.0 access tokens.

    GetServicePrincipalSamlSingleSignOn

    RelayState string
    The relative URI the service provider would redirect to after completion of the single sign-on flow.
    RelayState string
    The relative URI the service provider would redirect to after completion of the single sign-on flow.
    relayState String
    The relative URI the service provider would redirect to after completion of the single sign-on flow.
    relayState string
    The relative URI the service provider would redirect to after completion of the single sign-on flow.
    relay_state str
    The relative URI the service provider would redirect to after completion of the single sign-on flow.
    relayState String
    The relative URI the service provider would redirect to after completion of the single sign-on flow.

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.
    azuread logo
    Azure Active Directory (Azure AD) v5.47.1 published on Friday, Feb 9, 2024 by Pulumi