
Here is a scenario. I have a SaaS product that needs to make API calls to a customer's Azure cloud account. I understand a service principal can be created on the customer's Azure account, and if I have the credentials (app ID, password, etc.), I can make calls using that user/principal based on the permissions granted to that principal. One way is that the customer creates it for my product, then comes to my product portal (web UI) and punches in this information, which my SaaS product can then store securely in a vault and use.

Is there a better way to achieve the creation of the principal? For example, via an application manifest or something, and then also be able to get an Event Grid notification or something with the app/principal's creds to a webhook URL endpoint?

Basically, I want this to be as automated as possible, but I cannot think of a way, if it is even possible.

1 Answer


There isn't an easy way to create a SP in another tenant automatically, most of what exists in AAD around this is geared to granting access to your app for users from another tenant, which is not what you want.

Pretty much every application I know of that does some sort of Azure provisioning requires the user of the app to provide service principal details manually in the application.

Sam Cogan
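The manual route the answer describes (customer creates the service principal, then pastes its details into the SaaS portal) is usually done with `az ad sp create-for-rbac`. The script below is an added example, not code from the original post or from the answer's author; it is the customer-side step, written so the principal is scoped to one resource group and a read-only built-in role rather than the broad defaults. The resource group, principal name and role allow list are hypothetical. Depending on the Azure CLI version, omitting `--role` and `--scopes` either assigns Contributor on the whole subscription or creates no role assignment at all, so the script always passes both. The helpers only validate input and assemble the command, so they run without `az` installed; the command is executed only when `az` is present and a subscription ID is given.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): customer-side creation of a
# least-privilege service principal for a third-party SaaS integration.
# Assumptions: resource group "rg-saas-integration", principal name
# "sp-acme-saas" and the role allow list below are all hypothetical.
set -eu

# Azure subscription and tenant IDs are GUIDs; reject anything else before it
# reaches a command line.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'
}

# Names we are prepared to put on a command line: letters, digits, . _ -
is_safe_name() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._-]+$'
}

# Roles we are willing to hand to a third party. Owner and Contributor are
# deliberately absent; an API integration that only reads should get a reader role.
role_allowed() {
  case "$1" in
    "Reader"|"Monitoring Reader"|"Storage Blob Data Reader") return 0 ;;
    *) return 1 ;;
  esac
}

# /subscriptions/<sub>/resourceGroups/<rg>: the narrowest common scope for a
# role assignment short of individual resources.
build_scope() {
  is_guid "$1" || { echo "subscription id is not a GUID: $1" >&2; return 1; }
  is_safe_name "$2" || { echo "bad resource group name: $2" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
}

# Assemble the az command as text so it can be reviewed before anything runs.
create_sp_cmd() {
  name="$1"; role="$2"; scope="$3"
  is_safe_name "$name" || { echo "bad principal name: $name" >&2; return 1; }
  role_allowed "$role" || { echo "role not in allow list: $role" >&2; return 1; }
  printf 'az ad sp create-for-rbac --name "%s" --role "%s" --scopes "%s" --years 1\n' \
    "$name" "$role" "$scope"
}

# main <subscription-id> [resource-group] [principal-name] [role]
main() {
  sub="$1"
  rg="${2:-rg-saas-integration}"
  name="${3:-sp-acme-saas}"
  role="${4:-Reader}"
  scope="$(build_scope "$sub" "$rg")"
  cmd="$(create_sp_cmd "$name" "$role" "$scope")"
  echo "about to run: $cmd" >&2
  if command -v az >/dev/null 2>&1; then
    # az prints JSON containing appId, password and tenant exactly once; that
    # is what the customer pastes into the SaaS portal. Run it directly with
    # quoted arguments rather than eval'ing the assembled string.
    az ad sp create-for-rbac --name "$name" --role "$role" --scopes "$scope" --years 1
  else
    echo "az is not installed; command printed only" >&2
  fi
}

# Run only when a subscription ID is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as `./create-sp.sh <subscription-id>` after `az login` in the customer tenant. The password in the printed JSON is shown once and is the secret the SaaS vendor stores in its vault; the `--years 1` expiry means the customer has to rotate it, which is a reason to record the creation date alongside the app ID.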