What is Service Principal ID, Application ID, Client ID, Tenant ID

Service Principal ID

What is a Service Principal?

A Service Principal is a security identity in Azure Active Directory (Entra ID) that represents an application or service, allowing it to log in and access Azure resources — just like a user, but for apps or automation.

What is a Service Principal ID?

The Service Principal ID is the unique identifier (GUID) assigned to the Service Principal object in Azure Active Directory (Entra ID).

Application ID

Also known as: App ID

What the Application ID is:

A globally unique identifier for the Azure AD Application registration.

Scope: Refers to the actual application definition in Azure AD.

Example use: When configuring authentication for apps (e.g., OAuth2, OpenID), you often use the Application ID.

Client ID

Also known as: App ID (again!)

What the Client ID is:

Client ID: This is actually the same as the Application ID in most contexts.

Why it’s called “Client ID”: In OAuth2 terminology, the application (a “client”) gets a Client ID and Client Secret.

Example use: When an app authenticates using OAuth2, it presents the Client ID and secret.

Quick Comparison Table:

| Term                 | Alias          | Refers To                             | Example Use                          |
|----------------------|----------------|---------------------------------------|--------------------------------------|
| Application ID       | Client ID      | App registration in Azure AD          | App registration, API authentication |
| Client ID            | Application ID | OAuth2 client ID for authentication   | Login with Azure AD                  |
| Service Principal ID | Object ID      | Azure AD identity for app in a tenant | Assign RBAC roles, permissions       |

Key Properties

| Property      | Description                                         |
|---------------|-----------------------------------------------------|
| Client ID     | The App (Application) ID of the Service Principal   |
| Tenant ID     | The Azure AD tenant where the identity resides      |
| Object ID     | The unique ID of the Service Principal itself       |
| Client Secret | Password-like credential used for authentication    |

Breakdown of IDs:

So: Client ID == Application ID

| Name                 | Also Called As       | What it Represents                              |
|----------------------|----------------------|-------------------------------------------------|
| Application ID       | App ID / Client ID   | The registered app in Azure AD                  |
| Service Principal ID | Object ID            | The specific identity of the app in the tenant  |
| Tenant ID            |                      | The Azure AD directory (organization)           |

Create a Service Principal: Register an application in Azure Entra ID (formerly Azure Active Directory)

A Service Principal in Azure is an identity used by applications, services, or automated tools to access specific Azure resources. It’s tied to an Azure App Registration and is used for managing permissions and authentication.

The Microsoft identity platform performs identity and access management (IAM) only for registered applications. Whether it is a client application such as ADF or Synapse, a web application or a mobile app, or a web API that backs a client app, registering it establishes a trust relationship between your application and the identity provider, the Microsoft identity platform.

This article covers registering an application in the Microsoft Entra admin center. I outline the registration procedure step by step.

Summary steps:

  1. Navigate to Azure Entra ID (Azure Active Directory).
  2. Create an App Registration.
  3. Generate a Client Secret.
     Important: note down the Application (client) ID, the Directory (tenant) ID and the Client Secret value.
  4. Use the Service Principal: assign roles to it.
     Navigate to the Azure resource (e.g., Storage Account, Key Vault, SQL Database) you want your Service Principal to access.

Step by Step Demo

Register a new application in Azure Entra ID (formerly Azure Active Directory) and obtain its Application ID and a Client Secret value.

Azure Portal >> Azure Entra ID (formerly Azure Active Directory)

(1)  Copy Tenant ID.

We need this Tenant ID later.

(2) App Registration

(3) Copy the Application ID. We will use it later.

(4) Create Client Secret

Generate a new client secret.

(5) Copy the Client Secret Value

Copy the client-secret-value; we need it later.

IMPORTANT: you HAVE TO copy the Client Secret Value RIGHT NOW, immediately after it is generated, and put it in a secure place. The value is shown only once and WILL NOT be displayed again.

(6) Using the Service Principal: Assign Roles to the Service Principal

Assign Roles to the Service Principal

Now, assign permissions to your Service Principal so it can access specific Azure resources:

  1. Navigate to the Azure resource (e.g., Storage Account, Key Vault, SQL Database) you want your Service Principal to access.
  2. Go to Access Control (IAM).
  3. Click Add and choose Add role assignment.
  4. Choose a role (e.g., Contributor, Reader, or a custom role).
  5. Search for your App Registration by its name and select it.
  6. Save.
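As an added example (not code from the original article), the following Python shows where the three values collected in steps (1), (3) and (5) go in the OAuth2 client-credentials login that the Client ID section above describes: the Tenant ID selects the tenant-scoped token endpoint, the Client (Application) ID and Client Secret are presented as the client's credentials, and the access token that comes back carries the Tenant ID, the Client ID and the Service Principal's Object ID in its `tid`, `azp` (or `appid` in v1.0 tokens) and `oid` claims. Every GUID, the secret and the token below are constructed placeholders, not values from any real tenant; `request_token` is the only function that talks to Azure and needs real values and network access, so the demo decodes a locally constructed, unsigned token instead.

```python
"""Where Tenant ID, Client (Application) ID, Client Secret and Service Principal
(Object) ID appear in an OAuth2 client-credentials login.

Added example, not code from the original article. All GUIDs, the secret and
the token are constructed placeholders.
"""
import base64
import json
import urllib.parse
import urllib.request

# Constructed placeholders standing in for the values copied in the portal.
# In real code the secret comes from a vault or environment variable, never source.
TENANT_ID = "11111111-1111-1111-1111-111111111111"      # Directory (tenant) ID
CLIENT_ID = "22222222-2222-2222-2222-222222222222"      # Application (client) ID
CLIENT_SECRET = "placeholder-client-secret-value"        # shown once in the portal
SP_OBJECT_ID = "33333333-3333-3333-3333-333333333333"   # Service Principal Object ID


def token_endpoint(tenant_id: str) -> str:
    """The v2.0 token endpoint is tenant-scoped, so the Tenant ID is part of the URL."""
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def client_credentials_body(client_id: str, client_secret: str, scope: str) -> dict:
    """Form fields of the OAuth2 client-credentials grant: the app proves it is the
    registered client by presenting its Client ID together with its Client Secret."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
        "grant_type": "client_credentials",
    }


def request_token(tenant_id: str, client_id: str, client_secret: str,
                  scope: str = "https://management.azure.com/.default") -> str:
    """Send the POST to Entra ID and return the access token.
    Needs network access and real values; not exercised by the offline demo."""
    body = urllib.parse.urlencode(client_credentials_body(client_id, client_secret, scope))
    req = urllib.request.Request(token_endpoint(tenant_id), data=body.encode(), method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_identity_claims(access_token: str) -> dict:
    """Read, WITHOUT verifying, the claims that carry the IDs from this article.
    Decoding only shows what the token says; a resource server must validate the
    signature, issuer, audience and expiry before trusting any of these values."""
    payload = json.loads(_b64url_decode(access_token.split(".")[1]))
    return {
        "Tenant ID": payload.get("tid"),
        # v2.0 tokens carry the calling app's ID in 'azp', v1.0 tokens in 'appid'.
        "Client (Application) ID": payload.get("azp") or payload.get("appid"),
        # For an app-only token 'oid' is the Service Principal's Object ID,
        # i.e. the identity the RBAC role assignment in step (6) is attached to.
        "Service Principal (Object) ID": payload.get("oid"),
    }


def constructed_token(tenant_id: str, client_id: str, sp_object_id: str) -> str:
    """Build an UNSIGNED, JWT-shaped token with a constructed payload for the demo.
    A real token issued by Entra ID is signed by the identity platform."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"tid": tenant_id, "azp": client_id, "oid": sp_object_id, "ver": "2.0"}
    return f"{enc(header)}.{enc(payload)}."


if __name__ == "__main__":
    print("POST", token_endpoint(TENANT_ID))
    print(client_credentials_body(CLIENT_ID, "<secret redacted>", "https://management.azure.com/.default"))
    demo = constructed_token(TENANT_ID, CLIENT_ID, SP_OBJECT_ID)
    for name, value in token_identity_claims(demo).items():
        print(f"{name}: {value}")
```

With real values, `token_identity_claims(request_token(TENANT_ID, CLIENT_ID, CLIENT_SECRET))` should report an `oid` equal to the Object ID shown on the Enterprise Application (Service Principal) blade, which is the identity the role assignment from step (6) applies to; if a role assignment appears not to take effect, comparing that claim with the Object ID you selected in Access Control (IAM) is the first check.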

We have finished all the steps in Azure Entra ID (formerly Azure Active Directory).

Please do not hesitate to contact me if you have any questions at william . chen @mainri.ca

(remove all spaces from the email address 😊)

Appendix: Microsoft: Register an application with the Microsoft identity platform