Identity types

Service Principal

Diagram representing a glossary term in Oasis Security, illustrating key concepts in non human identity management

A service principal is an identity used by a service or application to authenticate and access resources in a secure and controlled manner. Service principals are commonly used in cloud environments for automated access management, enabling applications to authenticate and interact with cloud services without requiring user credentials. While traditional service accounts exist in some cloud environments, service principals offer a more modern and secure approach, specifically designed for Azure.

For example, in Microsoft Azure, a service principal is a security principal used by applications, services, or automation scripts to access Azure resources securely. Service principals are assigned specific roles and permissions within both Azure and Azure Entra ID (formerly Azure Active Directory) to control their access to resources and data.

Service principals are typically authenticated using client credentials, such as a client secret or certificate, or by using federated authentication. The client ID is used to identify the service principal but is not a secret. Managed identities are a type of service principal designed to simplify resource authentication within Azure.

Service principals can access resources such as virtual machines, storage, and other Azure services. By securely managing service principals and their credentials, organizations can enforce security policies, automate access control, and ensure that applications interact with cloud services securely.