How to Generate Service Principal Name (SPN) with Azure Active Directory using Portal

These days it is a common ask to integrate your application with Azure Active Directory (AAD). Most services in Azure itself, such as AKS, need an SPN to provision themselves. Although this is a very straightforward task via the CLI, people sometimes face challenges doing it via the Portal. Let me first discuss the prerequisites and then the steps to generate one.

What Permissions Do You Need?

If you are a regular user, first check with your Global Administrator whether they have allowed application registration before you try to generate an SPN. You can simply check this yourself by going to the Azure Active Directory blade.

If this option is grayed out, the only thing you can do is ask your Global Administrator to allow application registrations at the tenant level. If your organization's policies permit it, your administrator should allow application registrations and should not restrict users from accessing Azure AD.

If your administrator has allowed the above two settings, you are good to go and will see that the application registration button is no longer grayed out. However, this generally does not happen, and your administrator registers the application on your behalf.

How to Register an SPN with AAD?

Whoever is doing the steps (either you or your admin) should click the Application registration button, which brings up a screen with the following fields to fill in:

  1. Application name – A name to identify your application in Azure.
  2. Type – Choose Web app if there is a URL for sign-on, or Native App if there is a redirect URL to place. If you do not know, simply choose Web app.
  3. URL – If your application has a sign-in URL, provide it; otherwise put any dummy URL here, then simply hit Create.

After you hit Create, the application registration process completes and you will be able to see the Client ID. However, to retrieve the client secret you need to go to the Keys section.

In the Keys blade, provide a name for the key and its expiration value, then save the key. Once saved, you will get your Client Secret.

Do not close this screen before copying your key, as you won't be able to retrieve it afterwards.
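
The expiration value chosen in the Keys blade decides when the secret stops working, so it is worth auditing after the fact. The Python sketch below is an added example, not part of the original post: it classifies an application's secrets as expired, expiring, long-lived or ok. It assumes the JSON shape printed by `az ad app credential list --id <client-id>`; the sample data, thresholds and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape assumed for the output of
# `az ad app credential list --id <client-id>`; every value is made up.
SAMPLE_CREDENTIALS = """[
  {"displayName": "aks-provisioning", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2023-01-10T09:00:00Z", "endDateTime": "2024-01-10T09:00:00Z"},
  {"displayName": "ci-deploy", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2023-06-15T00:00:00Z", "endDateTime": "2024-06-15T00:00:00.0000000Z"},
  {"displayName": "legacy-integration", "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2022-03-01T00:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"},
  {"displayName": null, "keyId": "00000000-0000-0000-0000-000000000004",
   "startDateTime": "2024-03-01T00:00:00Z", "endDateTime": "2024-12-01T00:00:00Z"}
]"""


def parse_utc(value):
    """Parse a UTC timestamp ending in Z, ignoring any fractional seconds."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify_secrets(credentials_json, now, warn_days=30, max_lifetime_days=365):
    """Return (key name, status) pairs; unnamed keys fall back to their keyId."""
    results = []
    for cred in json.loads(credentials_json):
        name = cred.get("displayName") or cred["keyId"]
        start = parse_utc(cred["startDateTime"])
        end = parse_utc(cred["endDateTime"])
        if end <= now:
            status = "expired"      # secret no longer works; rotate or remove it
        elif end - now <= timedelta(days=warn_days):
            status = "expiring"     # create a replacement key before it lapses
        elif end - start > timedelta(days=max_lifetime_days):
            status = "long-lived"   # lifetime exceeds the chosen policy limit
        else:
            status = "ok"
        results.append((name, status))
    return results


if __name__ == "__main__":
    for name, status in classify_secrets(SAMPLE_CREDENTIALS, datetime.now(timezone.utc)):
        print(f"{name}: {status}")
```

The output contains only key names and dates, never the secret value, which matches the portal behaviour of showing the secret once at creation.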

 

Let me know your thoughts in the comment section 🙂
