Azure Active Directory (Azure AD) v5.38.0, May 17 23

azuread.ServicePrincipal

Explore with Pulumi AI

Import

Service principals can be imported using their object ID, e.g.

 $ pulumi import azuread:index/servicePrincipal:ServicePrincipal test 00000000-0000-0000-0000-000000000000

Example Usage

Create a service principal for an application

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var current = AzureAD.GetClientConfig.Invoke();

    var exampleApplication = new AzureAD.Application("exampleApplication", new()
    {
        DisplayName = "example",
        Owners = new[]
        {
            current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        },
    });

    var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new()
    {
        ApplicationId = exampleApplication.ApplicationId,
        AppRoleAssignmentRequired = false,
        Owners = new[]
        {
            current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := azuread.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleApplication, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{
			DisplayName: pulumi.String("example"),
			Owners: pulumi.StringArray{
				*pulumi.String(current.ObjectId),
			},
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
			ApplicationId:             exampleApplication.ApplicationId,
			AppRoleAssignmentRequired: pulumi.Bool(false),
			Owners: pulumi.StringArray{
				*pulumi.String(current.ObjectId),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = AzureadFunctions.getClientConfig();

        var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()        
            .displayName("example")
            .owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());

        var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()        
            .applicationId(exampleApplication.applicationId())
            .appRoleAssignmentRequired(false)
            .owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());

    }
}

import pulumi
import pulumi_azuread as azuread

current = azuread.get_client_config()
example_application = azuread.Application("exampleApplication",
    display_name="example",
    owners=[current.object_id])
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
    application_id=example_application.application_id,
    app_role_assignment_required=False,
    owners=[current.object_id])

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const current = azuread.getClientConfig({});
const exampleApplication = new azuread.Application("exampleApplication", {
    displayName: "example",
    owners: [current.then(current => current.objectId)],
});
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {
    applicationId: exampleApplication.applicationId,
    appRoleAssignmentRequired: false,
    owners: [current.then(current => current.objectId)],
});

resources:
  exampleApplication:
    type: azuread:Application
    properties:
      displayName: example
      owners:
        - ${current.objectId}
  exampleServicePrincipal:
    type: azuread:ServicePrincipal
    properties:
      applicationId: ${exampleApplication.applicationId}
      appRoleAssignmentRequired: false
      owners:
        - ${current.objectId}
variables:
  current:
    fn::invoke:
      Function: azuread:getClientConfig
      Arguments: {}

Create a service principal for an enterprise application

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var current = AzureAD.GetClientConfig.Invoke();

    var exampleApplication = new AzureAD.Application("exampleApplication", new()
    {
        DisplayName = "example",
        Owners = new[]
        {
            current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        },
    });

    var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new()
    {
        ApplicationId = exampleApplication.ApplicationId,
        AppRoleAssignmentRequired = false,
        Owners = new[]
        {
            current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        },
        FeatureTags = new[]
        {
            new AzureAD.Inputs.ServicePrincipalFeatureTagArgs
            {
                Enterprise = true,
                Gallery = true,
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := azuread.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleApplication, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{
			DisplayName: pulumi.String("example"),
			Owners: pulumi.StringArray{
				*pulumi.String(current.ObjectId),
			},
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
			ApplicationId:             exampleApplication.ApplicationId,
			AppRoleAssignmentRequired: pulumi.Bool(false),
			Owners: pulumi.StringArray{
				*pulumi.String(current.ObjectId),
			},
			FeatureTags: azuread.ServicePrincipalFeatureTagArray{
				&azuread.ServicePrincipalFeatureTagArgs{
					Enterprise: pulumi.Bool(true),
					Gallery:    pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azuread.inputs.ServicePrincipalFeatureTagArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = AzureadFunctions.getClientConfig();

        var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()        
            .displayName("example")
            .owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());

        var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()        
            .applicationId(exampleApplication.applicationId())
            .appRoleAssignmentRequired(false)
            .owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .featureTags(ServicePrincipalFeatureTagArgs.builder()
                .enterprise(true)
                .gallery(true)
                .build())
            .build());

    }
}

import pulumi
import pulumi_azuread as azuread

current = azuread.get_client_config()
example_application = azuread.Application("exampleApplication",
    display_name="example",
    owners=[current.object_id])
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
    application_id=example_application.application_id,
    app_role_assignment_required=False,
    owners=[current.object_id],
    feature_tags=[azuread.ServicePrincipalFeatureTagArgs(
        enterprise=True,
        gallery=True,
    )])

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const current = azuread.getClientConfig({});
const exampleApplication = new azuread.Application("exampleApplication", {
    displayName: "example",
    owners: [current.then(current => current.objectId)],
});
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {
    applicationId: exampleApplication.applicationId,
    appRoleAssignmentRequired: false,
    owners: [current.then(current => current.objectId)],
    featureTags: [{
        enterprise: true,
        gallery: true,
    }],
});

resources:
  exampleApplication:
    type: azuread:Application
    properties:
      displayName: example
      owners:
        - ${current.objectId}
  exampleServicePrincipal:
    type: azuread:ServicePrincipal
    properties:
      applicationId: ${exampleApplication.applicationId}
      appRoleAssignmentRequired: false
      owners:
        - ${current.objectId}
      featureTags:
        - enterprise: true
          gallery: true
variables:
  current:
    fn::invoke:
      Function: azuread:getClientConfig
      Arguments: {}

Manage a service principal for a first-party Microsoft application

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();

    var msgraph = new AzureAD.ServicePrincipal("msgraph", new()
    {
        ApplicationId = wellKnown.Apply(getApplicationPublishedAppIdsResult => getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),
        UseExisting = true,
    });

});

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		wellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = azuread.NewServicePrincipal(ctx, "msgraph", &azuread.ServicePrincipalArgs{
			ApplicationId: *pulumi.String(wellKnown.Result.MicrosoftGraph),
			UseExisting:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();

        var msgraph = new ServicePrincipal("msgraph", ServicePrincipalArgs.builder()        
            .applicationId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -> getApplicationPublishedAppIdsResult.result().MicrosoftGraph()))
            .useExisting(true)
            .build());

    }
}

import pulumi
import pulumi_azuread as azuread

well_known = azuread.get_application_published_app_ids()
msgraph = azuread.ServicePrincipal("msgraph",
    application_id=well_known.result["MicrosoftGraph"],
    use_existing=True)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const wellKnown = azuread.getApplicationPublishedAppIds({});
const msgraph = new azuread.ServicePrincipal("msgraph", {
    applicationId: wellKnown.then(wellKnown => wellKnown.result?.MicrosoftGraph),
    useExisting: true,
});

resources:
  msgraph:
    type: azuread:ServicePrincipal
    properties:
      applicationId: ${wellKnown.result.MicrosoftGraph}
      useExisting: true
variables:
  wellKnown:
    fn::invoke:
      Function: azuread:getApplicationPublishedAppIds
      Arguments: {}

Create a service principal for an application created from a gallery template

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var exampleApplicationTemplate = AzureAD.GetApplicationTemplate.Invoke(new()
    {
        DisplayName = "Marketo",
    });

    var exampleApplication = new AzureAD.Application("exampleApplication", new()
    {
        DisplayName = "example",
        TemplateId = exampleApplicationTemplate.Apply(getApplicationTemplateResult => getApplicationTemplateResult.TemplateId),
    });

    var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new()
    {
        ApplicationId = exampleApplication.ApplicationId,
        UseExisting = true,
    });

});

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleApplicationTemplate, err := azuread.GetApplicationTemplate(ctx, &azuread.GetApplicationTemplateArgs{
			DisplayName: pulumi.StringRef("Marketo"),
		}, nil)
		if err != nil {
			return err
		}
		exampleApplication, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{
			DisplayName: pulumi.String("example"),
			TemplateId:  *pulumi.String(exampleApplicationTemplate.TemplateId),
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
			ApplicationId: exampleApplication.ApplicationId,
			UseExisting:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetApplicationTemplateArgs;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleApplicationTemplate = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()
            .displayName("Marketo")
            .build());

        var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()        
            .displayName("example")
            .templateId(exampleApplicationTemplate.applyValue(getApplicationTemplateResult -> getApplicationTemplateResult.templateId()))
            .build());

        var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()        
            .applicationId(exampleApplication.applicationId())
            .useExisting(true)
            .build());

    }
}

import pulumi
import pulumi_azuread as azuread

example_application_template = azuread.get_application_template(display_name="Marketo")
example_application = azuread.Application("exampleApplication",
    display_name="example",
    template_id=example_application_template.template_id)
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
    application_id=example_application.application_id,
    use_existing=True)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplicationTemplate = azuread.getApplicationTemplate({
    displayName: "Marketo",
});
const exampleApplication = new azuread.Application("exampleApplication", {
    displayName: "example",
    templateId: exampleApplicationTemplate.then(exampleApplicationTemplate => exampleApplicationTemplate.templateId),
});
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {
    applicationId: exampleApplication.applicationId,
    useExisting: true,
});

resources:
  exampleApplication:
    type: azuread:Application
    properties:
      displayName: example
      templateId: ${exampleApplicationTemplate.templateId}
  exampleServicePrincipal:
    type: azuread:ServicePrincipal
    properties:
      applicationId: ${exampleApplication.applicationId}
      useExisting: true
variables:
  exampleApplicationTemplate:
    fn::invoke:
      Function: azuread:getApplicationTemplate
      Arguments:
        displayName: Marketo

Create ServicePrincipal Resource

new ServicePrincipal(name: string, args: ServicePrincipalArgs, opts?: CustomResourceOptions);

@overload
def ServicePrincipal(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     account_enabled: Optional[bool] = None,
                     alternative_names: Optional[Sequence[str]] = None,
                     app_role_assignment_required: Optional[bool] = None,
                     application_id: Optional[str] = None,
                     description: Optional[str] = None,
                     feature_tags: Optional[Sequence[ServicePrincipalFeatureTagArgs]] = None,
                     features: Optional[Sequence[ServicePrincipalFeatureArgs]] = None,
                     login_url: Optional[str] = None,
                     notes: Optional[str] = None,
                     notification_email_addresses: Optional[Sequence[str]] = None,
                     owners: Optional[Sequence[str]] = None,
                     preferred_single_sign_on_mode: Optional[str] = None,
                     saml_single_sign_on: Optional[ServicePrincipalSamlSingleSignOnArgs] = None,
                     tags: Optional[Sequence[str]] = None,
                     use_existing: Optional[bool] = None)
@overload
def ServicePrincipal(resource_name: str,
                     args: ServicePrincipalArgs,
                     opts: Optional[ResourceOptions] = None)

func NewServicePrincipal(ctx *Context, name string, args ServicePrincipalArgs, opts ...ResourceOption) (*ServicePrincipal, error)

public ServicePrincipal(string name, ServicePrincipalArgs args, CustomResourceOptions? opts = null)

public ServicePrincipal(String name, ServicePrincipalArgs args)
public ServicePrincipal(String name, ServicePrincipalArgs args, CustomResourceOptions options)

type: azuread:ServicePrincipal
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServicePrincipalArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ServicePrincipalArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServicePrincipalArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServicePrincipalArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ServicePrincipalArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

ServicePrincipal Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ServicePrincipal resource accepts the following input properties:

ApplicationId string

The application ID (client ID) of the application for which to create a service principal.

AccountEnabled bool

Whether or not the service principal account is enabled. Defaults to true.

AlternativeNames List<string>

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

AppRoleAssignmentRequired bool

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

Description string

A description of the service principal provided for internal end-users.

FeatureTags List<Pulumi.AzureAD.Inputs.ServicePrincipalFeatureTagArgs>

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

Features List<Pulumi.AzureAD.Inputs.ServicePrincipalFeatureArgs>

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

LoginUrl string

The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.

Notes string

A free text field to capture information about the service principal, typically used for operational purposes.

NotificationEmailAddresses List<string>

A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.

Owners List<string>

A list of object IDs of principals that will be granted ownership of the service principal

PreferredSingleSignOnMode string

The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are oidc, password, saml or notSupported. Omit this property or specify a blank string to unset.

SamlSingleSignOn Pulumi.AzureAD.Inputs.ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

Tags List<string>

A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the feature_tags block.

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

UseExisting bool

When true, the resource will return an existing service principal instead of failing with an error

ApplicationId string

The application ID (client ID) of the application for which to create a service principal.

AccountEnabled bool

Whether or not the service principal account is enabled. Defaults to true.

AlternativeNames []string

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

AppRoleAssignmentRequired bool

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

Description string

A description of the service principal provided for internal end-users.

FeatureTags []ServicePrincipalFeatureTagArgs

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

Features []ServicePrincipalFeatureArgs

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

LoginUrl string

Notes string

A free text field to capture information about the service principal, typically used for operational purposes.

NotificationEmailAddresses []string

Owners []string

A list of object IDs of principals that will be granted ownership of the service principal

PreferredSingleSignOnMode string

SamlSingleSignOn ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

Tags []string

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

UseExisting bool

When true, the resource will return an existing service principal instead of failing with an error

applicationId String

The application ID (client ID) of the application for which to create a service principal.

accountEnabled Boolean

Whether or not the service principal account is enabled. Defaults to true.

alternativeNames List<String>

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

appRoleAssignmentRequired Boolean

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

description String

A description of the service principal provided for internal end-users.

featureTags List<ServicePrincipalFeatureTagArgs>

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features List<ServicePrincipalFeatureArgs>

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

loginUrl String

notes String

A free text field to capture information about the service principal, typically used for operational purposes.

notificationEmailAddresses List<String>

owners List<String>

A list of object IDs of principals that will be granted ownership of the service principal

preferredSingleSignOnMode String

samlSingleSignOn ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

tags List<String>

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

useExisting Boolean

When true, the resource will return an existing service principal instead of failing with an error

applicationId string

The application ID (client ID) of the application for which to create a service principal.

accountEnabled boolean

Whether or not the service principal account is enabled. Defaults to true.

alternativeNames string[]

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

appRoleAssignmentRequired boolean

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

description string

A description of the service principal provided for internal end-users.

featureTags ServicePrincipalFeatureTagArgs[]

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features ServicePrincipalFeatureArgs[]

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

loginUrl string

notes string

A free text field to capture information about the service principal, typically used for operational purposes.

notificationEmailAddresses string[]

owners string[]

A list of object IDs of principals that will be granted ownership of the service principal

preferredSingleSignOnMode string

samlSingleSignOn ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

tags string[]

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

useExisting boolean

When true, the resource will return an existing service principal instead of failing with an error

application_id str

The application ID (client ID) of the application for which to create a service principal.

account_enabled bool

Whether or not the service principal account is enabled. Defaults to true.

alternative_names Sequence[str]

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

app_role_assignment_required bool

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

description str

A description of the service principal provided for internal end-users.

feature_tags Sequence[ServicePrincipalFeatureTagArgs]

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features Sequence[ServicePrincipalFeatureArgs]

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

login_url str

notes str

A free text field to capture information about the service principal, typically used for operational purposes.

notification_email_addresses Sequence[str]

owners Sequence[str]

A list of object IDs of principals that will be granted ownership of the service principal

preferred_single_sign_on_mode str

saml_single_sign_on ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

tags Sequence[str]

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

use_existing bool

When true, the resource will return an existing service principal instead of failing with an error

applicationId String

The application ID (client ID) of the application for which to create a service principal.

accountEnabled Boolean

Whether or not the service principal account is enabled. Defaults to true.

alternativeNames List<String>

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

appRoleAssignmentRequired Boolean

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

description String

A description of the service principal provided for internal end-users.

featureTags List<Property Map>

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features List<Property Map>

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

loginUrl String

notes String

A free text field to capture information about the service principal, typically used for operational purposes.

notificationEmailAddresses List<String>

owners List<String>

A list of object IDs of principals that will be granted ownership of the service principal

preferredSingleSignOnMode String

samlSingleSignOn Property Map

A saml_single_sign_on block as documented below.

tags List<String>

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

useExisting Boolean

When true, the resource will return an existing service principal instead of failing with an error

Outputs

All input properties are implicitly available as output properties. Additionally, the ServicePrincipal resource produces the following output properties:

AppRoleIds Dictionary<string, string>: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
AppRoles List<Pulumi.AzureAD.Outputs.ServicePrincipalAppRole>: A list of app roles published by the associated application, as documented below. For more information official documentation.
ApplicationTenantId string: The tenant ID where the associated application is registered.
DisplayName string: Display name for the app role that appears during app role assignment and in consent experiences.
HomepageUrl string: Home page or landing page of the associated application.
Id string: The provider-assigned unique ID for this managed resource.
LogoutUrl string: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
Oauth2PermissionScopeIds Dictionary<string, string>: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
Oauth2PermissionScopes List<Pulumi.AzureAD.Outputs.ServicePrincipalOauth2PermissionScope>: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
ObjectId string: The object ID of the service principal.
RedirectUris List<string>: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
SamlMetadataUrl string: The URL where the service exposes SAML metadata for federation.
ServicePrincipalNames List<string>: A list of identifier URI(s), copied over from the associated application.
SignInAudience string: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
Type string: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

AppRoleIds map[string]string: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
AppRoles []ServicePrincipalAppRole: A list of app roles published by the associated application, as documented below. For more information official documentation.
ApplicationTenantId string: The tenant ID where the associated application is registered.
DisplayName string: Display name for the app role that appears during app role assignment and in consent experiences.
HomepageUrl string: Home page or landing page of the associated application.
Id string: The provider-assigned unique ID for this managed resource.
LogoutUrl string: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
Oauth2PermissionScopeIds map[string]string: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
Oauth2PermissionScopes []ServicePrincipalOauth2PermissionScope: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
ObjectId string: The object ID of the service principal.
RedirectUris []string: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
SamlMetadataUrl string: The URL where the service exposes SAML metadata for federation.
ServicePrincipalNames []string: A list of identifier URI(s), copied over from the associated application.
SignInAudience string: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
Type string: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

appRoleIds Map<String,String>: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
appRoles List<ServicePrincipalAppRole>: A list of app roles published by the associated application, as documented below. For more information official documentation.
applicationTenantId String: The tenant ID where the associated application is registered.
displayName String: Display name for the app role that appears during app role assignment and in consent experiences.
homepageUrl String: Home page or landing page of the associated application.
id String: The provider-assigned unique ID for this managed resource.
logoutUrl String: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
oauth2PermissionScopeIds Map<String,String>: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
oauth2PermissionScopes List<ServicePrincipalOauth2PermissionScope>: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
objectId String: The object ID of the service principal.
redirectUris List<String>: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
samlMetadataUrl String: The URL where the service exposes SAML metadata for federation.
servicePrincipalNames List<String>: A list of identifier URI(s), copied over from the associated application.
signInAudience String: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
type String: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

appRoleIds {[key: string]: string}: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
appRoles ServicePrincipalAppRole[]: A list of app roles published by the associated application, as documented below. For more information official documentation.
applicationTenantId string: The tenant ID where the associated application is registered.
displayName string: Display name for the app role that appears during app role assignment and in consent experiences.
homepageUrl string: Home page or landing page of the associated application.
id string: The provider-assigned unique ID for this managed resource.
logoutUrl string: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
oauth2PermissionScopeIds {[key: string]: string}: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
oauth2PermissionScopes ServicePrincipalOauth2PermissionScope[]: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
objectId string: The object ID of the service principal.
redirectUris string[]: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
samlMetadataUrl string: The URL where the service exposes SAML metadata for federation.
servicePrincipalNames string[]: A list of identifier URI(s), copied over from the associated application.
signInAudience string: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
type string: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

app_role_ids Mapping[str, str]: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
app_roles Sequence[ServicePrincipalAppRole]: A list of app roles published by the associated application, as documented below. For more information official documentation.
application_tenant_id str: The tenant ID where the associated application is registered.
display_name str: Display name for the app role that appears during app role assignment and in consent experiences.
homepage_url str: Home page or landing page of the associated application.
id str: The provider-assigned unique ID for this managed resource.
logout_url str: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
oauth2_permission_scope_ids Mapping[str, str]: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
oauth2_permission_scopes Sequence[ServicePrincipalOauth2PermissionScope]: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
object_id str: The object ID of the service principal.
redirect_uris Sequence[str]: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
saml_metadata_url str: The URL where the service exposes SAML metadata for federation.
service_principal_names Sequence[str]: A list of identifier URI(s), copied over from the associated application.
sign_in_audience str: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
type str: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

appRoleIds Map<String>: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
appRoles List<Property Map>: A list of app roles published by the associated application, as documented below. For more information official documentation.
applicationTenantId String: The tenant ID where the associated application is registered.
displayName String: Display name for the app role that appears during app role assignment and in consent experiences.
homepageUrl String: Home page or landing page of the associated application.
id String: The provider-assigned unique ID for this managed resource.
logoutUrl String: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
oauth2PermissionScopeIds Map<String>: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
oauth2PermissionScopes List<Property Map>: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
objectId String: The object ID of the service principal.
redirectUris List<String>: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
samlMetadataUrl String: The URL where the service exposes SAML metadata for federation.
servicePrincipalNames List<String>: A list of identifier URI(s), copied over from the associated application.
signInAudience String: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
type String: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

Look up Existing ServicePrincipal Resource

Get an existing ServicePrincipal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServicePrincipalState, opts?: CustomResourceOptions): ServicePrincipal

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_enabled: Optional[bool] = None,
        alternative_names: Optional[Sequence[str]] = None,
        app_role_assignment_required: Optional[bool] = None,
        app_role_ids: Optional[Mapping[str, str]] = None,
        app_roles: Optional[Sequence[ServicePrincipalAppRoleArgs]] = None,
        application_id: Optional[str] = None,
        application_tenant_id: Optional[str] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        feature_tags: Optional[Sequence[ServicePrincipalFeatureTagArgs]] = None,
        features: Optional[Sequence[ServicePrincipalFeatureArgs]] = None,
        homepage_url: Optional[str] = None,
        login_url: Optional[str] = None,
        logout_url: Optional[str] = None,
        notes: Optional[str] = None,
        notification_email_addresses: Optional[Sequence[str]] = None,
        oauth2_permission_scope_ids: Optional[Mapping[str, str]] = None,
        oauth2_permission_scopes: Optional[Sequence[ServicePrincipalOauth2PermissionScopeArgs]] = None,
        object_id: Optional[str] = None,
        owners: Optional[Sequence[str]] = None,
        preferred_single_sign_on_mode: Optional[str] = None,
        redirect_uris: Optional[Sequence[str]] = None,
        saml_metadata_url: Optional[str] = None,
        saml_single_sign_on: Optional[ServicePrincipalSamlSingleSignOnArgs] = None,
        service_principal_names: Optional[Sequence[str]] = None,
        sign_in_audience: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        type: Optional[str] = None,
        use_existing: Optional[bool] = None) -> ServicePrincipal

func GetServicePrincipal(ctx *Context, name string, id IDInput, state *ServicePrincipalState, opts ...ResourceOption) (*ServicePrincipal, error)

public static ServicePrincipal Get(string name, Input<string> id, ServicePrincipalState? state, CustomResourceOptions? opts = null)

public static ServicePrincipal get(String name, Output<String> id, ServicePrincipalState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountEnabled bool

Whether or not the service principal account is enabled. Defaults to true.

AlternativeNames List<string>

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

AppRoleAssignmentRequired bool

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

AppRoleIds Dictionary<string, string>

A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.

AppRoles List<Pulumi.AzureAD.Inputs.ServicePrincipalAppRoleArgs>

A list of app roles published by the associated application, as documented below. For more information official documentation.

ApplicationId string

The application ID (client ID) of the application for which to create a service principal.

ApplicationTenantId string

The tenant ID where the associated application is registered.

Description string

A description of the service principal provided for internal end-users.

DisplayName string

Display name for the app role that appears during app role assignment and in consent experiences.

FeatureTags List<Pulumi.AzureAD.Inputs.ServicePrincipalFeatureTagArgs>

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

Features List<Pulumi.AzureAD.Inputs.ServicePrincipalFeatureArgs>

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

HomepageUrl string

Home page or landing page of the associated application.

LoginUrl string

LogoutUrl string

The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.

Notes string

A free text field to capture information about the service principal, typically used for operational purposes.

NotificationEmailAddresses List<string>

Oauth2PermissionScopeIds Dictionary<string, string>

A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.

Oauth2PermissionScopes List<Pulumi.AzureAD.Inputs.ServicePrincipalOauth2PermissionScopeArgs>

A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.

ObjectId string

The object ID of the service principal.

Owners List<string>

A list of object IDs of principals that will be granted ownership of the service principal

PreferredSingleSignOnMode string

RedirectUris List<string>

A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.

SamlMetadataUrl string

The URL where the service exposes SAML metadata for federation.

SamlSingleSignOn Pulumi.AzureAD.Inputs.ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

ServicePrincipalNames List<string>

A list of identifier URI(s), copied over from the associated application.

SignInAudience string

The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.

Tags List<string>

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

Type string

Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.

UseExisting bool

When true, the resource will return an existing service principal instead of failing with an error

AccountEnabled bool

Whether or not the service principal account is enabled. Defaults to true.

AlternativeNames []string

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

AppRoleAssignmentRequired bool

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

AppRoleIds map[string]string

A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.

AppRoles []ServicePrincipalAppRoleArgs

A list of app roles published by the associated application, as documented below. For more information official documentation.

ApplicationId string

The application ID (client ID) of the application for which to create a service principal.

ApplicationTenantId string

The tenant ID where the associated application is registered.

Description string

A description of the service principal provided for internal end-users.

DisplayName string

Display name for the app role that appears during app role assignment and in consent experiences.

FeatureTags []ServicePrincipalFeatureTagArgs

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

Features []ServicePrincipalFeatureArgs

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

HomepageUrl string

Home page or landing page of the associated application.

LoginUrl string

LogoutUrl string

The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.

Notes string

A free text field to capture information about the service principal, typically used for operational purposes.

NotificationEmailAddresses []string

Oauth2PermissionScopeIds map[string]string

Oauth2PermissionScopes []ServicePrincipalOauth2PermissionScopeArgs

A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.

ObjectId string

The object ID of the service principal.

Owners []string

A list of object IDs of principals that will be granted ownership of the service principal

PreferredSingleSignOnMode string

RedirectUris []string

SamlMetadataUrl string

The URL where the service exposes SAML metadata for federation.

SamlSingleSignOn ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

ServicePrincipalNames []string

A list of identifier URI(s), copied over from the associated application.

SignInAudience string

Tags []string

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

Type string

UseExisting bool

When true, the resource will return an existing service principal instead of failing with an error

accountEnabled Boolean

Whether or not the service principal account is enabled. Defaults to true.

alternativeNames List<String>

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

appRoleAssignmentRequired Boolean

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

appRoleIds Map<String,String>

A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.

appRoles List<ServicePrincipalAppRoleArgs>

A list of app roles published by the associated application, as documented below. For more information official documentation.

applicationId String

The application ID (client ID) of the application for which to create a service principal.

applicationTenantId String

The tenant ID where the associated application is registered.

description String

A description of the service principal provided for internal end-users.

displayName String

Display name for the app role that appears during app role assignment and in consent experiences.

featureTags List<ServicePrincipalFeatureTagArgs>

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features List<ServicePrincipalFeatureArgs>

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

homepageUrl String

Home page or landing page of the associated application.

loginUrl String

logoutUrl String

The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.

notes String

A free text field to capture information about the service principal, typically used for operational purposes.

notificationEmailAddresses List<String>

oauth2PermissionScopeIds Map<String,String>

oauth2PermissionScopes List<ServicePrincipalOauth2PermissionScopeArgs>

A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.

objectId String

The object ID of the service principal.

owners List<String>

A list of object IDs of principals that will be granted ownership of the service principal

preferredSingleSignOnMode String

redirectUris List<String>

samlMetadataUrl String

The URL where the service exposes SAML metadata for federation.

samlSingleSignOn ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

servicePrincipalNames List<String>

A list of identifier URI(s), copied over from the associated application.

signInAudience String

tags List<String>

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

type String

useExisting Boolean

When true, the resource will return an existing service principal instead of failing with an error

accountEnabled boolean

Whether or not the service principal account is enabled. Defaults to true.

alternativeNames string[]

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

appRoleAssignmentRequired boolean

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

appRoleIds {[key: string]: string}

A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.

appRoles ServicePrincipalAppRoleArgs[]

A list of app roles published by the associated application, as documented below. For more information official documentation.

applicationId string

The application ID (client ID) of the application for which to create a service principal.

applicationTenantId string

The tenant ID where the associated application is registered.

description string

A description of the service principal provided for internal end-users.

displayName string

Display name for the app role that appears during app role assignment and in consent experiences.

featureTags ServicePrincipalFeatureTagArgs[]

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features ServicePrincipalFeatureArgs[]

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

homepageUrl string

Home page or landing page of the associated application.

loginUrl string

logoutUrl string

The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.

notes string

A free text field to capture information about the service principal, typically used for operational purposes.

notificationEmailAddresses string[]

oauth2PermissionScopeIds {[key: string]: string}

oauth2PermissionScopes ServicePrincipalOauth2PermissionScopeArgs[]

A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.

objectId string

The object ID of the service principal.

owners string[]

A list of object IDs of principals that will be granted ownership of the service principal

preferredSingleSignOnMode string

redirectUris string[]

samlMetadataUrl string

The URL where the service exposes SAML metadata for federation.

samlSingleSignOn ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

servicePrincipalNames string[]

A list of identifier URI(s), copied over from the associated application.

signInAudience string

tags string[]

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

type string

useExisting boolean

When true, the resource will return an existing service principal instead of failing with an error

account_enabled bool

Whether or not the service principal account is enabled. Defaults to true.

alternative_names Sequence[str]

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

app_role_assignment_required bool

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

app_role_ids Mapping[str, str]

A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.

app_roles Sequence[ServicePrincipalAppRoleArgs]

A list of app roles published by the associated application, as documented below. For more information official documentation.

application_id str

The application ID (client ID) of the application for which to create a service principal.

application_tenant_id str

The tenant ID where the associated application is registered.

description str

A description of the service principal provided for internal end-users.

display_name str

Display name for the app role that appears during app role assignment and in consent experiences.

feature_tags Sequence[ServicePrincipalFeatureTagArgs]

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features Sequence[ServicePrincipalFeatureArgs]

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

homepage_url str

Home page or landing page of the associated application.

login_url str

logout_url str

The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.

notes str

A free text field to capture information about the service principal, typically used for operational purposes.

notification_email_addresses Sequence[str]

oauth2_permission_scope_ids Mapping[str, str]

oauth2_permission_scopes Sequence[ServicePrincipalOauth2PermissionScopeArgs]

A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.

object_id str

The object ID of the service principal.

owners Sequence[str]

A list of object IDs of principals that will be granted ownership of the service principal

preferred_single_sign_on_mode str

redirect_uris Sequence[str]

saml_metadata_url str

The URL where the service exposes SAML metadata for federation.

saml_single_sign_on ServicePrincipalSamlSingleSignOnArgs

A saml_single_sign_on block as documented below.

service_principal_names Sequence[str]

A list of identifier URI(s), copied over from the associated application.

sign_in_audience str

tags Sequence[str]

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

type str

use_existing bool

When true, the resource will return an existing service principal instead of failing with an error

accountEnabled Boolean

Whether or not the service principal account is enabled. Defaults to true.

alternativeNames List<String>

A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.

appRoleAssignmentRequired Boolean

Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.

appRoleIds Map<String>

A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.

appRoles List<Property Map>

A list of app roles published by the associated application, as documented below. For more information official documentation.

applicationId String

The application ID (client ID) of the application for which to create a service principal.

applicationTenantId String

The tenant ID where the associated application is registered.

description String

A description of the service principal provided for internal end-users.

displayName String

Display name for the app role that appears during app role assignment and in consent experiences.

featureTags List<Property Map>

A feature_tags block as described below. Cannot be used together with the tags property.

Features and Tags Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure feature_tags and tags for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the tags property instead. Any tags configured for the linked application will propagate to this service principal.

features List<Property Map>

Block of features to configure for this service principal using tags

Deprecated:

This block has been renamed to feature_tags and will be removed in version 3.0 of the provider

homepageUrl String

Home page or landing page of the associated application.

loginUrl String

logoutUrl String

The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.

notes String

A free text field to capture information about the service principal, typically used for operational purposes.

notificationEmailAddresses List<String>

oauth2PermissionScopeIds Map<String>

oauth2PermissionScopes List<Property Map>

A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.

objectId String

The object ID of the service principal.

owners List<String>

A list of object IDs of principals that will be granted ownership of the service principal

preferredSingleSignOnMode String

redirectUris List<String>

samlMetadataUrl String

The URL where the service exposes SAML metadata for federation.

samlSingleSignOn Property Map

A saml_single_sign_on block as documented below.

servicePrincipalNames List<String>

A list of identifier URI(s), copied over from the associated application.

signInAudience String

tags List<String>

Tags and Features Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the tags property or with the feature_tags block. If you need to set any custom tag values not supported by the feature_tags block, it's recommended to use the tags property. Tag values set for the linked application will also propagate to this service principal.

type String

useExisting Boolean

When true, the resource will return an existing service principal instead of failing with an error

Supporting Types

ServicePrincipalAppRole

AllowedMemberTypes List<string>: Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both.
Description string: A description of the service principal provided for internal end-users.
DisplayName string: Display name for the app role that appears during app role assignment and in consent experiences.
Enabled bool: Specifies whether the permission scope is enabled.
Id string: The unique identifier of the delegated permission.
Value string: The value that is used for the scp claim in OAuth 2.0 access tokens.

AllowedMemberTypes []string: Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both.
Description string: A description of the service principal provided for internal end-users.
DisplayName string: Display name for the app role that appears during app role assignment and in consent experiences.
Enabled bool: Specifies whether the permission scope is enabled.
Id string: The unique identifier of the delegated permission.
Value string: The value that is used for the scp claim in OAuth 2.0 access tokens.

allowedMemberTypes List<String>: Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both.
description String: A description of the service principal provided for internal end-users.
displayName String: Display name for the app role that appears during app role assignment and in consent experiences.
enabled Boolean: Specifies whether the permission scope is enabled.
id String: The unique identifier of the delegated permission.
value String: The value that is used for the scp claim in OAuth 2.0 access tokens.

allowedMemberTypes string[]: Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both.
description string: A description of the service principal provided for internal end-users.
displayName string: Display name for the app role that appears during app role assignment and in consent experiences.
enabled boolean: Specifies whether the permission scope is enabled.
id string: The unique identifier of the delegated permission.
value string: The value that is used for the scp claim in OAuth 2.0 access tokens.

allowed_member_types Sequence[str]: Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both.
description str: A description of the service principal provided for internal end-users.
display_name str: Display name for the app role that appears during app role assignment and in consent experiences.
enabled bool: Specifies whether the permission scope is enabled.
id str: The unique identifier of the delegated permission.
value str: The value that is used for the scp claim in OAuth 2.0 access tokens.

allowedMemberTypes List<String>: Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: User and Application, or both.
description String: A description of the service principal provided for internal end-users.
displayName String: Display name for the app role that appears during app role assignment and in consent experiences.
enabled Boolean: Specifies whether the permission scope is enabled.
id String: The unique identifier of the delegated permission.
value String: The value that is used for the scp claim in OAuth 2.0 access tokens.

CustomSingleSignOnApp bool
EnterpriseApplication bool
GalleryApplication bool
VisibleToUsers bool

customSingleSignOnApp Boolean
enterpriseApplication Boolean
galleryApplication Boolean
visibleToUsers Boolean

customSingleSignOnApp boolean
enterpriseApplication boolean
galleryApplication boolean
visibleToUsers boolean

custom_single_sign_on_app bool
enterprise_application bool
gallery_application bool
visible_to_users bool

customSingleSignOnApp Boolean
enterpriseApplication Boolean
galleryApplication Boolean
visibleToUsers Boolean

ServicePrincipalFeatureTag

CustomSingleSignOn bool: Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
Enterprise bool: Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
Gallery bool: Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
Hide bool: Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

CustomSingleSignOn bool: Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
Enterprise bool: Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
Gallery bool: Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
Hide bool: Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

customSingleSignOn Boolean: Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
enterprise Boolean: Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
gallery Boolean: Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
hide Boolean: Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

customSingleSignOn boolean: Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
enterprise boolean: Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
gallery boolean: Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
hide boolean: Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

custom_single_sign_on bool: Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
enterprise bool: Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
gallery bool: Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
hide bool: Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

customSingleSignOn Boolean: Whether this service principal represents a custom SAML application. Enabling this will assign the WindowsAzureActiveDirectoryCustomSingleSignOnApplication tag. Defaults to false.
enterprise Boolean: Whether this service principal represents an Enterprise Application. Enabling this will assign the WindowsAzureActiveDirectoryIntegratedApp tag. Defaults to false.
gallery Boolean: Whether this service principal represents a gallery application. Enabling this will assign the WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1 tag. Defaults to false.
hide Boolean: Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the HideApp tag. Defaults to false.

ServicePrincipalOauth2PermissionScope

AdminConsentDescription string: Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
AdminConsentDisplayName string: Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
Enabled bool: Specifies whether the permission scope is enabled.
Id string: The unique identifier of the delegated permission.
Type string: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
UserConsentDescription string: Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
UserConsentDisplayName string: Display name for the delegated permission that appears in the end user consent experience.
Value string: The value that is used for the scp claim in OAuth 2.0 access tokens.

AdminConsentDescription string: Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
AdminConsentDisplayName string: Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
Enabled bool: Specifies whether the permission scope is enabled.
Id string: The unique identifier of the delegated permission.
Type string: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
UserConsentDescription string: Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
UserConsentDisplayName string: Display name for the delegated permission that appears in the end user consent experience.
Value string: The value that is used for the scp claim in OAuth 2.0 access tokens.

adminConsentDescription String: Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
adminConsentDisplayName String: Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
enabled Boolean: Specifies whether the permission scope is enabled.
id String: The unique identifier of the delegated permission.
type String: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
userConsentDescription String: Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
userConsentDisplayName String: Display name for the delegated permission that appears in the end user consent experience.
value String: The value that is used for the scp claim in OAuth 2.0 access tokens.

adminConsentDescription string: Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
adminConsentDisplayName string: Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
enabled boolean: Specifies whether the permission scope is enabled.
id string: The unique identifier of the delegated permission.
type string: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
userConsentDescription string: Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
userConsentDisplayName string: Display name for the delegated permission that appears in the end user consent experience.
value string: The value that is used for the scp claim in OAuth 2.0 access tokens.

admin_consent_description str: Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
admin_consent_display_name str: Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
enabled bool: Specifies whether the permission scope is enabled.
id str: The unique identifier of the delegated permission.
type str: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
user_consent_description str: Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
user_consent_display_name str: Display name for the delegated permission that appears in the end user consent experience.
value str: The value that is used for the scp claim in OAuth 2.0 access tokens.

adminConsentDescription String: Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
adminConsentDisplayName String: Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
enabled Boolean: Specifies whether the permission scope is enabled.
id String: The unique identifier of the delegated permission.
type String: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are User or Admin.
userConsentDescription String: Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
userConsentDisplayName String: Display name for the delegated permission that appears in the end user consent experience.
value String: The value that is used for the scp claim in OAuth 2.0 access tokens.

ServicePrincipalSamlSingleSignOn

RelayState string: The relative URI the service provider would redirect to after completion of the single sign-on flow.

RelayState string: The relative URI the service provider would redirect to after completion of the single sign-on flow.

relayState String: The relative URI the service provider would redirect to after completion of the single sign-on flow.

relayState string: The relative URI the service provider would redirect to after completion of the single sign-on flow.

relay_state str: The relative URI the service provider would redirect to after completion of the single sign-on flow.

relayState String: The relative URI the service provider would redirect to after completion of the single sign-on flow.

Package Details

Repository: Azure Active Directory (Azure AD) pulumi/pulumi-azuread
License: Apache-2.0
Notes: This Pulumi package is based on the azuread Terraform Provider.

azuread.ServicePrincipal

Import

Example Usage

Create ServicePrincipal Resource

ServicePrincipal Resource Properties

Inputs

Outputs

Look up Existing ServicePrincipal Resource

Supporting Types

ServicePrincipalAppRole

ServicePrincipalFeature

ServicePrincipalFeatureTag

ServicePrincipalOauth2PermissionScope

ServicePrincipalSamlSingleSignOn

Package Details

On this page