servicePrincipal resource type

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Represents an instance of an application in a directory. Inherits from directoryObject.

JSON representation

Here is a JSON representation of the resource.

{
  "accountEnabled": true,
  "addIns": [{"@odata.type": "microsoft.graph.addIn"}],
  "appDisplayName": "string",
  "appId": "string",
  "appOwnerOrganizationId": "guid",
  "appRoleAssignmentRequired": true,
  "displayName": "string",
  "errorUrl": "string",
  "homepage": "string",
  "id": "string (identifier)",
  "keyCredentials": [{"@odata.type": "microsoft.graph.keyCredential"}],
  "logoutUrl": "string",
  "oauth2Permissions": [{"@odata.type": "microsoft.graph.oAuth2Permission"}],
  "passwordCredentials": [{"@odata.type": "microsoft.graph.passwordCredential"}],
  "preferredTokenSigningKeyThumbprint": "string",
  "publisherName": "string",
  "replyUrls": ["string"],
  "samlMetadataUrl": "string",
  "servicePrincipalNames": ["string"],
  "tags": ["string"]
}

Properties

| Property | Type | Description |
|---|---|---|
| accountEnabled | Boolean | true if the service principal account is enabled; otherwise, false. |
| appDisplayName | String | The display name exposed by the associated application. |
| appId | String | The unique identifier for the associated application (its appId property). |
| appRoleAssignmentRequired | Boolean | Specifies whether an appRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application. Not nullable. |
| appRoles | appRole collection | The application roles exposed by the associated application. For more information see the appRoles property definition on the application entity. Not nullable. |
| displayName | String | The display name for the service principal. |
| errorUrl | String | |
| homepage | String | The URL to the homepage of the associated application. |
| keyCredentials | keyCredential collection | The collection of key credentials associated with the service principal. Not nullable. |
| logoutUrl | String | Specifies the URL that will be used by Microsoft's authorization service to log out a user using front-channel, back-channel or SAML logout protocols. |
| oauth2Permissions | oAuth2Permission collection | The OAuth 2.0 permissions exposed by the associated application. For more information see the oauth2Permissions property definition on the application entity. Not nullable. |
| id | String | The unique identifier for the service principal. Inherited from directoryObject. Key. Not nullable. Read-only. |
| passwordCredentials | passwordCredential collection | The collection of password credentials associated with the service principal. Not nullable. |
| preferredTokenSigningKeyThumbprint | String | Reserved for internal use only. Do not write or otherwise rely on this property. May be removed in future versions. |
| publisherName | String | The display name of the tenant in which the associated application is specified. |
| replyUrls | String collection | The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. Not nullable. |
| samlMetadataUrl | String | |
| servicePrincipalNames | String collection | The URIs that identify the associated application. For more information see Application Objects and Service Principal Objects. The any operator is required for filter expressions on multi-valued properties. Not nullable. |
| tags | String collection | Not nullable. |
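The properties above are what a tenant administrator reviews when auditing service principals: appRoleAssignmentRequired controls whether token issuance needs an explicit assignment, replyUrls is where authorization codes and tokens are delivered, and keyCredentials/passwordCredentials are the secrets a compromised principal would be abused through. The following script is an added example, not code from this page or from Microsoft: it audits servicePrincipal objects in the JSON shape shown above and builds the `$filter` expression with the `any` operator that the servicePrincipalNames description requires. The two service principals are constructed sample data; the startDateTime/endDateTime fields on keyCredential and passwordCredential entries are assumed (they belong to those resource types, which this page references only by type), and the 365-day lifetime threshold is a policy choice, not a Graph limit.

```python
"""Offline audit of servicePrincipal objects in the shape shown on this page.

The sample objects below are constructed for illustration; they are not output
from Microsoft Graph. keyCredential and passwordCredential entries are assumed
to carry startDateTime/endDateTime (properties of those resource types).
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Fixed reference time so the audit is reproducible; a live run would use datetime.now(timezone.utc).
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Longest credential lifetime this audit tolerates (policy choice, not a Graph limit).
MAX_CREDENTIAL_LIFETIME = timedelta(days=365)

# Constructed sample data: one risky service principal and one clean one.
SAMPLE_SERVICE_PRINCIPALS = [
    {
        "id": "00000000-0000-0000-0000-000000000001",
        "displayName": "Payroll Connector",
        "appId": "11111111-1111-1111-1111-111111111111",
        "accountEnabled": True,
        "appRoleAssignmentRequired": False,
        "replyUrls": [
            "http://payroll.example.test/callback",
            "https://payroll.example.test/callback",
        ],
        "servicePrincipalNames": ["https://payroll.example.test"],
        "passwordCredentials": [
            {"keyId": "secret-long-lived", "startDateTime": "2020-01-01T00:00:00Z", "endDateTime": "2030-01-01T00:00:00Z"},
            {"keyId": "secret-expired", "startDateTime": "2021-01-01T00:00:00Z", "endDateTime": "2022-01-01T00:00:00Z"},
        ],
        "keyCredentials": [],
    },
    {
        "id": "00000000-0000-0000-0000-000000000002",
        "displayName": "Ticketing Sync",
        "appId": "22222222-2222-2222-2222-222222222222",
        "accountEnabled": True,
        "appRoleAssignmentRequired": True,
        "replyUrls": ["https://tickets.example.test/auth"],
        "servicePrincipalNames": ["https://tickets.example.test"],
        "passwordCredentials": [],
        "keyCredentials": [
            {"keyId": "cert-current", "startDateTime": "2024-03-01T00:00:00Z", "endDateTime": "2025-03-01T00:00:00Z"},
        ],
    },
]


def parse_graph_datetime(value):
    """Parse the ISO 8601 UTC timestamps Graph returns (trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_service_principal(sp, now):
    """Return a list of human-readable findings for one servicePrincipal."""
    findings = []
    # appRoleAssignmentRequired = false means Azure AD issues tokens for this app
    # to any user in the tenant, without an explicit appRoleAssignment.
    if not sp.get("appRoleAssignmentRequired", False):
        findings.append("appRoleAssignmentRequired is false: no assignment needed to obtain a token")
    # Authorization codes and tokens are sent to replyUrls, so each should be HTTPS
    # (loopback redirects for native apps are the usual exception).
    for url in sp.get("replyUrls", []):
        parts = urlsplit(url)
        if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"non-HTTPS reply URL: {url}")
    # Expired credentials should be removed; very long-lived ones should be rotated.
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in sp.get(kind, []):
            start = parse_graph_datetime(cred["startDateTime"])
            end = parse_graph_datetime(cred["endDateTime"])
            if end < now:
                findings.append(f"{kind} {cred['keyId']} expired on {end.date()} but is still attached")
            elif end - start > MAX_CREDENTIAL_LIFETIME:
                findings.append(f"{kind} {cred['keyId']} has a {(end - start).days}-day lifetime")
    return findings


def audit_all(sps, now=None):
    """Map each servicePrincipal id to its findings."""
    now = now or datetime.now(timezone.utc)
    return {sp["id"]: audit_service_principal(sp, now) for sp in sps}


def spn_filter(uri):
    """Build the $filter value for looking up a service principal by one of its
    servicePrincipalNames. Multi-valued properties need the OData 'any' operator,
    and a single quote inside an OData string literal is escaped by doubling it."""
    escaped = uri.replace("'", "''")
    return f"servicePrincipalNames/any(c:c eq '{escaped}')"


if __name__ == "__main__":
    for sp_id, findings in audit_all(SAMPLE_SERVICE_PRINCIPALS, AS_OF).items():
        print(sp_id, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
    print("$filter=" + spn_filter("https://payroll.example.test"))
```

In a live tenant the input would be the `value` array returned by listing service principals; the same checks apply unchanged, since the script only depends on the property names documented above.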

Relationships

| Relationship | Type | Description |
|---|---|---|
| appRoleAssignedTo | appRoleAssignment | Principals (users, groups, and service principals) that are assigned to this service principal. Read-only. |
| appRoleAssignments | appRoleAssignment collection | Applications that the service principal is assigned to. Read-only. Nullable. |
| createdObjects | directoryObject collection | Directory objects created by this service principal. Read-only. Nullable. |
| memberOf | directoryObject collection | Roles that this service principal is a member of. HTTP Methods: GET. Read-only. Nullable. |
| oauth2PermissionGrants | oAuth2PermissionGrant collection | User impersonation grants associated with this service principal. Read-only. Nullable. |
| ownedObjects | directoryObject collection | Directory objects that are owned by this service principal. Read-only. Nullable. |
| owners | directoryObject collection | Directory objects that are owners of this service principal. The owners are a set of non-admin users who are allowed to modify this object. Read-only. Nullable. |
| policy | policy collection | The policies assigned to this service principal. |

Methods

| Method | Return Type | Description |
|---|---|---|
| Get servicePrincipal | servicePrincipal | Read properties and relationships of a servicePrincipal object. |
| List servicePrincipals | servicePrincipal collection | Retrieve a list of servicePrincipal objects. |
| Create appRoleAssignment | appRoleAssignment | Create a new appRoleAssignment by posting to the appRoleAssignments collection. |
| List appRoleAssignments | appRoleAssignment collection | Get an appRoleAssignment object collection. |
| Create createdObject | directoryObject | Create a new createdObject by posting to the createdObjects collection. |
| List createdObjects | directoryObject collection | Get a createdObject object collection. |
| Create memberOf | directoryObject | Create a new memberOf by posting to the memberOf collection. |
| List memberOf | directoryObject collection | Get a memberOf object collection. |
| List assigned policies | policy collection | Get all policies assigned to this object. |
| Create oAuth2PermissionGrant | oAuth2PermissionGrant | Create a new oAuth2PermissionGrant by posting to the oauth2PermissionGrants collection. |
| List oauth2PermissionGrants | oAuth2PermissionGrant collection | Get an oAuth2PermissionGrant object collection. |
| Create ownedObject | directoryObject | Create a new ownedObject by posting to the ownedObjects collection. |
| List ownedObjects | directoryObject collection | Get an ownedObject object collection. |
| Create owner | directoryObject | Create a new owner by posting to the owners collection. |
| List owners | directoryObject collection | Get an owner object collection. |
| Update | servicePrincipal | Update a servicePrincipal object. |
| Delete | None | Delete a servicePrincipal object. |
| checkMemberGroups | String collection | |
| getMemberGroups | String collection | |
| getMemberObjects | String collection | |