cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Entra ID: Service Principal Account Management Feature is now Generally Available

dinesh_mishra
SailPoint Employee
SailPoint Employee
29 0 796

Hello Everyone,

We are super excited to share that the "Lifecycle management of Service Principals as Accounts" feature of Microsoft Entra ID Connector is now generally available in the production tenants!

Last year, we released this capability of the connector everywhere in the sandbox tenants and we continued to enable this feature in the production tenants as per the request only as of now. These capabilities are now generally available in all the production environments so that you can get the maximum benefit of this feature for managing your Service Principals as accounts. 

In Microsoft Entra, workload identities are applications, service principals, and managed identities. Microsoft Entra ID Connector simplifies the lifecycle management for Service Principals and User-assigned managed Identities

 

High-Level Capabilities for Service Principals

  • Aggregation

    • Aggregate Service Principals for enterprise applications with all the associated attributes.

    • Ability to get Service Principal Roles, Owners, Application ID details, and memberOf information.

    • Aggregate application Roles as a separate entitlement object.

  • Get or Refresh Account

  • Create Service Principals for applications

    • Create an application instance of enterprise application and then a Service Principal for that application

    • Create a Service Principals for an existing enterprise application

    • Create a Service Principals for a multi tenant enterprise application

    • While creating the applications and Service Principals for enterprise applications – Ability to add owner, ability to set password and certificates for applications.

  • Update Operation

    • Basic attributes

    • Non-basic attributes: Certificates and Secrets, Owners

    • Entitlement attributes: directoryRoles, azureADPimRoles, azurePim, azureRBACRoles, applicationRoles

  • Enable and Disable

  • Add and Remove Entitlements

    • Add and Remove Roles

    • Add and Remove User's Group Membership

    • Add and Remove Application Role Memberships (appRoleAssignments)

    • Add and Remove PIM Role Memberships (azureActiveRoles and AzureADActiveRoles)

    • Add and Remove RBAC Role Memberships (azureRoleAssignments)

    • Add and Remove Admin Consented Delegated Permissions (spn_adminConsentedPermissions)

    • Remove User Consented Delegated Permissions (spn_userConsentedPermissions)

 

Documentation References 

** If you are also interested to know the User-assigned Managed Identities, refer followings-

 

NOTE - This is an upcoming capabilities of Microsoft Entra (SaaS) Connector, which will be available soon. 

 

If you have any questions, please reach out to us, and we would be more than happy to help you in all possible ways.


Thanks!