Service Principal Management
  • 13 Nov 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Service Principal Management

  • Dark
    Light
  • PDF

Article summary

Introduction

The first step in getting started with a Business Application in Turbo360 is to add a Service Principal.

Service Principal is an application within Azure Active Directory, which is authorized to access resources in Azure Stack.

Turbo360 uses the authentication tokens of the Service Principal to manage the resources.

Client secret expiry

  • Turbo360 allows users to configure the same date as the Azure portal in order to notify users 7 days before the expiration date to change the Client secret.

  • Users can change the Client secret expiry date when adding or editing a Service Principal during Service Principal management or Business Application management.

Add a Service Principal

Service principals can be added in two different ways depending on which access is completely different:

  1. Navigate to Service principals and click Add.
  2. Choose between Manage Azure Resources and Manage Power Automate Flows .options based on which the access will be provided.

Manage Azure Resources

  1. Select Manage Azure Resources option.

SP1.png

  1. Please enter a unique name to the Service Principal.
  2. Provide the Service principal credentials.
  3. Set the expiry date for the client secret expiry in accordance to the date available in Azure portal.
  4. Click Validate to validate the Service principal credentials. Click Next.

SP3.png

  1. The next step is to configure the access policy for the authenticated Service Principal within the Business Applications module. You have two choices: either check the box next to the Subscription to grant full access to all resource groups, or check the Subscription box and define the scope by selecting the resource group filter, thereby restricting access solely to the Business Applications module.

SP4.gif

  1. Choose the Business Application groups eligible for Service Principal access. You can opt to do this for each subscription separately or update them collectively within a group.

SP5.png

By enabling the checkboxes next to the required subscriptions and clicking Bulk Selection, it is possible to grant access for multiple subscriptions to similar business groups at once.

SP6.png

  1. Click Add to finish adding the Service Principal having access to Azure resources.

Users are confined to managing resources and its operations aligned with the corresponding Service Principal solely within the defined Business group level.

Manage Power Automate Flows

  1. Select Manage Power Automate Flows option.

Add power automate sp.png

  1. Enter the Service principal credentials and click Validate.
  2. Once the validation is completed successfully, navigate to the given URL.

Authorization code.png

  1. Copy the response from the browser.

Authorization response.png

  1. Click Validate authorization code . Click Next after successful validation.

Successful validation.png

  1. You will be listed with the Power Automate Environments. Select the required environments and the corresponding Business Application groups.

Power automate sp access.png

  1. Click Add to create a Service principal with access to Power Automate flows.

Use existing Service principal

Any Service principal available at global level can be added to Business Application module by choosing the existing Service Principal and adding the same.

SP7.png

Refer to this article to get to know about adding Service Principals in General Settings.

Update a Service Principal

  1. Click on the Edit icon next to any Service Principal in the Service principals section.
  2. The Client Secret expiry and the expiration date can be updated under Service principal details. Update them and click Validate to again validate the new credentials.
  3. Click Next.
  4. Perform changes in the Scope selection, if required.
  5. Update the Access policy based on the needs and click Update.

image.png

EDIT2.png

Remove a Service Principal

  1. Click Delete icon next to any Service Principal.
  2. Click Remove in the confirmation box to remove it completely from the Business Application module.

remove.png

Removing the Service Principal will remove the associated resources referring to this Service Principal from Turbo360.


Was this article helpful?