
New-EntraServicePrincipal

SYNOPSIS

Creates a new service principal in Azure Active Directory.

SYNTAX

certAuth

New-EntraServicePrincipal [-serviceShortName] <String[]> [-environment] <String[]> [-certAuth]
 [-certTemplate <String>] [-taskNumber] <String> [-explicitName] [-showAppToUsers] [-onderwijs]
 [-domein <String>] [-entiteit <String>] -MDAPPGUID <String> [-MDInstanceGUID <String>]
 [-additionalTags <String[]>] [-update] [<CommonParameters>]

secretAuth

New-EntraServicePrincipal [-serviceShortName] <String[]> [-environment] <String[]> [-secretAuth]
 [-taskNumber] <String> [-multipleSecrets] [-explicitName] [-showAppToUsers] [-onderwijs] [-domein <String>]
 [-entiteit <String>] -MDAPPGUID <String> [-MDInstanceGUID <String>] [-additionalTags <String[]>] [-update]
 [<CommonParameters>]

noAuth

New-EntraServicePrincipal [-serviceShortName] <String[]> [-noAuth] [-explicitName] [-showAppToUsers]
 [-onderwijs] [-domein <String>] [-entiteit <String>] -MDAPPGUID <String> [-MDInstanceGUID <String>]
 [-additionalTags <String[]>] [-update] [<CommonParameters>]

DESCRIPTION

The `New-EntraServicePrincipal` function creates a new service principal (app registration) in Azure Active Directory. It supports certificate-based (`-certAuth`) and password-based (`-secretAuth`) authentication, and can also create the service principal without credentials (`-noAuth`). The function can also create entries in PasswordState for the generated credentials and supports custom tags, environments, and authentication sessions.

EXAMPLES

EXAMPLE 1

New-EntraServicePrincipal -serviceShortName "MyService" -environment "PR" -secretAuth -taskNumber "T12345"

Creates a new service principal with password-based authentication for the "PR" environment.

EXAMPLE 2

New-EntraServicePrincipal -serviceShortName "MyService" -environment "QA" -certAuth -certTemplate "_D09-CA2-SHA256-EntraID"

Creates a new service principal with certificate-based authentication for the "QA" environment.

EXAMPLE 3

New-EntraServicePrincipal -serviceShortName "MyService" -noAuth

Creates a new service principal without authentication credentials. The `-environment` parameter is omitted because it belongs only to the certAuth and secretAuth parameter sets.

EXAMPLE 4

New-EntraServicePrincipal -serviceShortName "MyService" -environment "PR" -onderwijs -domein "Domein : ERP" -entiteit "Entiteit : Stad Gent"

Creates a new service principal in the "onderwijs" tenant with custom domain and entity tags.

PARAMETERS

-serviceShortName

The short name of the service to construct the service principal name.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-environment

The environment for the service principal. Supported values include: `DV`, `ST`, `QA`, `INT`, `PR`.

Type: String[]
Parameter Sets: certAuth, secretAuth
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-secretAuth

A switch parameter that, when specified, uses password-based authentication for the service principal.

Type: SwitchParameter
Parameter Sets: secretAuth
Aliases: PasswordBasedAuth, ServicePrincipalPasswordBasedAuth

Required: True
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-certAuth

A switch parameter that, when specified, uses certificate-based authentication for the service principal.

Type: SwitchParameter
Parameter Sets: certAuth
Aliases: CertificateBasedAuth, ServicePrincipalCertificateBasedAuth

Required: True
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-certTemplate

The certificate template to use for generating a new certificate. Defaults to `_D09-CA2-SHA256-EntraID`.

Type: String
Parameter Sets: certAuth
Aliases:

Required: False
Position: Named
Default value: _D09-CA2-SHA256-EntraID
Accept pipeline input: False
Accept wildcard characters: False

-noAuth

A switch parameter that, when specified, creates the service principal without authentication credentials.

Type: SwitchParameter
Parameter Sets: noAuth
Aliases: ServicePrincipalNoAuth

Required: True
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-taskNumber

The task number associated with the service principal creation.

Type: String
Parameter Sets: certAuth, secretAuth
Aliases:

Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-multipleSecrets

A switch parameter that, when specified, allows creating multiple secrets for the service principal.

Type: SwitchParameter
Parameter Sets: secretAuth
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-explicitName

A switch parameter that, when specified, uses the provided name explicitly without appending environment details.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-showAppToUsers

A switch parameter that, when specified, makes the app visible to users.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-onderwijs

A switch parameter that, when specified, connects to the "onderwijs" tenant.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-domein

The domain associated with the service principal.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-entiteit

The entity associated with the service principal.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MDAPPGUID

The master GUID of the masterdata application associated with the service principal.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MDInstanceGUID

The instance GUID of the masterdata application associated with the service principal.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-additionalTags

Additional tags to assign to the service principal.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-update

A switch parameter that, when specified, updates an existing service principal instead of creating a new one.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES