Contents x
    Service Principal Management
    • 10 Mar 2025
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Service Principal Management

    • Updated on 10 Mar 2025
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Introduction

    Service principals can be added, modified, and scopes can be automated exclusively within the Data Queries type of tracking.

    Add a Service principal

    1. Navigate to Service principals section and click Add.
    2. Users can reuse any existing Service Principal or add a new one by clicking the available checkbox.
    3. Provide a name and Subscription information such as Tenant id, Client id, and Client secret expiration date.

    Add sp.png

    1. Click Validate.
    2. Upon successful validation, click Next.
    3. The next step involves providing access to the Business group.
    4. Choose the desired subscription and configure scope to selected groups.
    5. Click Save.

    Access policy.png

    Update a Service Principal

    1. Click Edit icon next to any available Service Principal in Service principals section.
    2. The client secret and secret expiration date can be modified.
    3. Click Validate.
    4. Click Next upon successful validation.
    5. The Access Policy of Business groups can be updated.
    6. Click Update

    Scope automation

    Scopes for groups can be defined automatically by setting up automation rules based on the subscription names, so that if a Service Principal is provided with access to a new Subscription, it will be automatically added to the respective groups based on the rules.

    The automation will be triggered daily at 12:00 AM UTC, and the access policy for all subscriptions will be reflected based on the automation rules.

    1. Go to Service principals section and Add / Edit a Service principal to which the automation rules are to be configured.

    2. Validate the credentials and proceed to Access policy screen.

    3. Enabling the toggle: "Apply the access policy across all new and existing subscriptions within the service principal will automatically grant root-level access to any newly added subscriptions within the Service principal.

    4. Configuring a rule via Configure rule -> Add rule will grant access to all subscriptions that match the specified condition within the defined scope.

    Scope automation.png

    1. Define a condition and configure scope to automatically provide access to a Subscription for Business groups. Any new or existing subscriptions that meet the specified rule will gain access to the configured scopes.

    Access policy rule.png

    1. Click Save.
    2. Click Update -> Continue in the confirmation box to finish setting up the automation rules.

    Remove a Service Principal

    1. Click Delete icon next to the desired Service Principal in Service principals section
    2. Click Delete in the confirmation box

    Remove sp.png

    Was this article helpful?
    What's Next
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence