Docs Home
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
azuread.getServicePrincipals
Explore with Pulumi AI
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
Gets basic information for multiple Azure Active Directory service principals.
API Permissions
The following API permissions are required in order to use this data source.
When authenticated with a service principal, this data source requires one of the following application roles: Application.Read.All or Directory.Read.All
When authenticated with a user principal, this data source does not require any additional roles.
Example Usage
Look up by application display names
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = azuread.getServicePrincipals({
displayNames: [
"example-app",
"another-app",
],
});
import pulumi
import pulumi_azuread as azuread
example = azuread.get_service_principals(display_names=[
"example-app",
"another-app",
])
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetServicePrincipals(ctx, &azuread.GetServicePrincipalsArgs{
DisplayNames: []string{
"example-app",
"another-app",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = AzureAD.GetServicePrincipals.Invoke(new()
{
DisplayNames = new[]
{
"example-app",
"another-app",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()
.displayNames(
"example-app",
"another-app")
.build());
}
}
variables:
example:
fn::invoke:
function: azuread:getServicePrincipals
arguments:
displayNames:
- example-app
- another-app
Look up by application IDs (client IDs)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = azuread.getServicePrincipals({
clientIds: [
"11111111-0000-0000-0000-000000000000",
"22222222-0000-0000-0000-000000000000",
"33333333-0000-0000-0000-000000000000",
],
});
import pulumi
import pulumi_azuread as azuread
example = azuread.get_service_principals(client_ids=[
"11111111-0000-0000-0000-000000000000",
"22222222-0000-0000-0000-000000000000",
"33333333-0000-0000-0000-000000000000",
])
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetServicePrincipals(ctx, &azuread.GetServicePrincipalsArgs{
ClientIds: []string{
"11111111-0000-0000-0000-000000000000",
"22222222-0000-0000-0000-000000000000",
"33333333-0000-0000-0000-000000000000",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = AzureAD.GetServicePrincipals.Invoke(new()
{
ClientIds = new[]
{
"11111111-0000-0000-0000-000000000000",
"22222222-0000-0000-0000-000000000000",
"33333333-0000-0000-0000-000000000000",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()
.clientIds(
"11111111-0000-0000-0000-000000000000",
"22222222-0000-0000-0000-000000000000",
"33333333-0000-0000-0000-000000000000")
.build());
}
}
variables:
example:
fn::invoke:
function: azuread:getServicePrincipals
arguments:
clientIds:
- 11111111-0000-0000-0000-000000000000
- 22222222-0000-0000-0000-000000000000
- 33333333-0000-0000-0000-000000000000
Look up by service principal object IDs
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = azuread.getServicePrincipals({
objectIds: [
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-111111111111",
"00000000-0000-0000-0000-222222222222",
],
});
import pulumi
import pulumi_azuread as azuread
example = azuread.get_service_principals(object_ids=[
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-111111111111",
"00000000-0000-0000-0000-222222222222",
])
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.GetServicePrincipals(ctx, &azuread.GetServicePrincipalsArgs{
ObjectIds: []string{
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-111111111111",
"00000000-0000-0000-0000-222222222222",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = AzureAD.GetServicePrincipals.Invoke(new()
{
ObjectIds = new[]
{
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-111111111111",
"00000000-0000-0000-0000-222222222222",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()
.objectIds(
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-111111111111",
"00000000-0000-0000-0000-222222222222")
.build());
}
}
variables:
example:
fn::invoke:
function: azuread:getServicePrincipals
arguments:
objectIds:
- 00000000-0000-0000-0000-000000000000
- 00000000-0000-0000-0000-111111111111
- 00000000-0000-0000-0000-222222222222
Using getServicePrincipals
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getServicePrincipals(args: GetServicePrincipalsArgs, opts?: InvokeOptions): Promise<GetServicePrincipalsResult>
function getServicePrincipalsOutput(args: GetServicePrincipalsOutputArgs, opts?: InvokeOptions): Output<GetServicePrincipalsResult>def get_service_principals(client_ids: Optional[Sequence[str]] = None,
display_names: Optional[Sequence[str]] = None,
ignore_missing: Optional[bool] = None,
object_ids: Optional[Sequence[str]] = None,
return_all: Optional[bool] = None,
opts: Optional[InvokeOptions] = None) -> GetServicePrincipalsResult
def get_service_principals_output(client_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
display_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
ignore_missing: Optional[pulumi.Input[bool]] = None,
object_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
return_all: Optional[pulumi.Input[bool]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetServicePrincipalsResult]func GetServicePrincipals(ctx *Context, args *GetServicePrincipalsArgs, opts ...InvokeOption) (*GetServicePrincipalsResult, error)
func GetServicePrincipalsOutput(ctx *Context, args *GetServicePrincipalsOutputArgs, opts ...InvokeOption) GetServicePrincipalsResultOutput> Note: This function is named GetServicePrincipals in the Go SDK.
public static class GetServicePrincipals
{
public static Task<GetServicePrincipalsResult> InvokeAsync(GetServicePrincipalsArgs args, InvokeOptions? opts = null)
public static Output<GetServicePrincipalsResult> Invoke(GetServicePrincipalsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetServicePrincipalsResult> getServicePrincipals(GetServicePrincipalsArgs args, InvokeOptions options)
public static Output<GetServicePrincipalsResult> getServicePrincipals(GetServicePrincipalsArgs args, InvokeOptions options)
fn::invoke:
function: azuread:index/getServicePrincipals:getServicePrincipals
arguments:
# arguments dictionaryThe following arguments are supported:
- Client
Ids List<string> - A list of client IDs of the applications associated with the service principals.
- Display
Names List<string> - A list of display names of the applications associated with the service principals.
- Ignore
Missing bool - Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
- Object
Ids List<string> - The object IDs of the service principals.
- Return
All bool When
true, the data source will return all service principals. Cannot be used withignore_missing. Defaults to false.Either
return_all, or one ofclient_ids,display_namesorobject_idsmust be specified. These may be specified as an empty list, in which case no results will be returned.
- Client
Ids []string - A list of client IDs of the applications associated with the service principals.
- Display
Names []string - A list of display names of the applications associated with the service principals.
- Ignore
Missing bool - Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
- Object
Ids []string - The object IDs of the service principals.
- Return
All bool When
true, the data source will return all service principals. Cannot be used withignore_missing. Defaults to false.Either
return_all, or one ofclient_ids,display_namesorobject_idsmust be specified. These may be specified as an empty list, in which case no results will be returned.
- client
Ids List<String> - A list of client IDs of the applications associated with the service principals.
- display
Names List<String> - A list of display names of the applications associated with the service principals.
- ignore
Missing Boolean - Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
- object
Ids List<String> - The object IDs of the service principals.
- return
All Boolean When
true, the data source will return all service principals. Cannot be used withignore_missing. Defaults to false.Either
return_all, or one ofclient_ids,display_namesorobject_idsmust be specified. These may be specified as an empty list, in which case no results will be returned.
- client
Ids string[] - A list of client IDs of the applications associated with the service principals.
- display
Names string[] - A list of display names of the applications associated with the service principals.
- ignore
Missing boolean - Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
- object
Ids string[] - The object IDs of the service principals.
- return
All boolean When
true, the data source will return all service principals. Cannot be used withignore_missing. Defaults to false.Either
return_all, or one ofclient_ids,display_namesorobject_idsmust be specified. These may be specified as an empty list, in which case no results will be returned.
- client_
ids Sequence[str] - A list of client IDs of the applications associated with the service principals.
- display_
names Sequence[str] - A list of display names of the applications associated with the service principals.
- ignore_
missing bool - Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
- object_
ids Sequence[str] - The object IDs of the service principals.
- return_
all bool When
true, the data source will return all service principals. Cannot be used withignore_missing. Defaults to false.Either
return_all, or one ofclient_ids,display_namesorobject_idsmust be specified. These may be specified as an empty list, in which case no results will be returned.
- client
Ids List<String> - A list of client IDs of the applications associated with the service principals.
- display
Names List<String> - A list of display names of the applications associated with the service principals.
- ignore
Missing Boolean - Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
- object
Ids List<String> - The object IDs of the service principals.
- return
All Boolean When
true, the data source will return all service principals. Cannot be used withignore_missing. Defaults to false.Either
return_all, or one ofclient_ids,display_namesorobject_idsmust be specified. These may be specified as an empty list, in which case no results will be returned.
getServicePrincipals Result
The following output properties are available:
- Client
Ids List<string> - The client ID of the application associated with this service principal.
- Display
Names List<string> - A list of display names of the applications associated with the service principals.
- Id string
- The provider-assigned unique ID for this managed resource.
- Object
Ids List<string> - The object IDs of the service principals.
- Service
Principals List<Pulumi.Azure AD. Outputs. Get Service Principals Service Principal> - A list of service principals. Each
service_principalobject provides the attributes documented below. - Ignore
Missing bool - Return
All bool
- Client
Ids []string - The client ID of the application associated with this service principal.
- Display
Names []string - A list of display names of the applications associated with the service principals.
- Id string
- The provider-assigned unique ID for this managed resource.
- Object
Ids []string - The object IDs of the service principals.
- Service
Principals []GetService Principals Service Principal - A list of service principals. Each
service_principalobject provides the attributes documented below. - Ignore
Missing bool - Return
All bool
- client
Ids List<String> - The client ID of the application associated with this service principal.
- display
Names List<String> - A list of display names of the applications associated with the service principals.
- id String
- The provider-assigned unique ID for this managed resource.
- object
Ids List<String> - The object IDs of the service principals.
- service
Principals List<GetService Principals Service Principal> - A list of service principals. Each
service_principalobject provides the attributes documented below. - ignore
Missing Boolean - return
All Boolean
- client
Ids string[] - The client ID of the application associated with this service principal.
- display
Names string[] - A list of display names of the applications associated with the service principals.
- id string
- The provider-assigned unique ID for this managed resource.
- object
Ids string[] - The object IDs of the service principals.
- service
Principals GetService Principals Service Principal[] - A list of service principals. Each
service_principalobject provides the attributes documented below. - ignore
Missing boolean - return
All boolean
- client_
ids Sequence[str] - The client ID of the application associated with this service principal.
- display_
names Sequence[str] - A list of display names of the applications associated with the service principals.
- id str
- The provider-assigned unique ID for this managed resource.
- object_
ids Sequence[str] - The object IDs of the service principals.
- service_
principals Sequence[GetService Principals Service Principal] - A list of service principals. Each
service_principalobject provides the attributes documented below. - ignore_
missing bool - return_
all bool
- client
Ids List<String> - The client ID of the application associated with this service principal.
- display
Names List<String> - A list of display names of the applications associated with the service principals.
- id String
- The provider-assigned unique ID for this managed resource.
- object
Ids List<String> - The object IDs of the service principals.
- service
Principals List<Property Map> - A list of service principals. Each
service_principalobject provides the attributes documented below. - ignore
Missing Boolean - return
All Boolean
Supporting Types
GetServicePrincipalsServicePrincipal
- Account
Enabled This property is required. bool - Whether the service principal account is enabled.
- App
Role Assignment Required This property is required. bool - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
- Application
Tenant Id This property is required. string - The tenant ID where the associated application is registered.
- Client
Id This property is required. string - The application ID (client ID) for the associated application
- Display
Name This property is required. string - The display name of the application associated with this service principal.
- Object
Id This property is required. string - The object ID of the service principal.
- Preferred
Single Sign On Mode This property is required. string - The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
- Saml
Metadata Url This property is required. string - The URL where the service exposes SAML metadata for federation.
- Service
Principal Names This property is required. List<string> - A list of identifier URI(s), copied over from the associated application.
- Sign
In Audience This property is required. string - The Microsoft account types that are supported for the associated application. Possible values include
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. This property is required. List<string>- A list of tags applied to the service principal.
- Type
This property is required. string - Identifies whether the service principal represents an application or a managed identity. Possible values include
ApplicationorManagedIdentity.
- Account
Enabled This property is required. bool - Whether the service principal account is enabled.
- App
Role Assignment Required This property is required. bool - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
- Application
Tenant Id This property is required. string - The tenant ID where the associated application is registered.
- Client
Id This property is required. string - The application ID (client ID) for the associated application
- Display
Name This property is required. string - The display name of the application associated with this service principal.
- Object
Id This property is required. string - The object ID of the service principal.
- Preferred
Single Sign On Mode This property is required. string - The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
- Saml
Metadata Url This property is required. string - The URL where the service exposes SAML metadata for federation.
- Service
Principal Names This property is required. []string - A list of identifier URI(s), copied over from the associated application.
- Sign
In Audience This property is required. string - The Microsoft account types that are supported for the associated application. Possible values include
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. This property is required. []string- A list of tags applied to the service principal.
- Type
This property is required. string - Identifies whether the service principal represents an application or a managed identity. Possible values include
ApplicationorManagedIdentity.
- account
Enabled This property is required. Boolean - Whether the service principal account is enabled.
- app
Role Assignment Required This property is required. Boolean - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
- application
Tenant Id This property is required. String - The tenant ID where the associated application is registered.
- client
Id This property is required. String - The application ID (client ID) for the associated application
- display
Name This property is required. String - The display name of the application associated with this service principal.
- object
Id This property is required. String - The object ID of the service principal.
- preferred
Single Sign On Mode This property is required. String - The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
- saml
Metadata Url This property is required. String - The URL where the service exposes SAML metadata for federation.
- service
Principal Names This property is required. List<String> - A list of identifier URI(s), copied over from the associated application.
- sign
In Audience This property is required. String - The Microsoft account types that are supported for the associated application. Possible values include
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. This property is required. List<String>- A list of tags applied to the service principal.
- type
This property is required. String - Identifies whether the service principal represents an application or a managed identity. Possible values include
ApplicationorManagedIdentity.
- account
Enabled This property is required. boolean - Whether the service principal account is enabled.
- app
Role Assignment Required This property is required. boolean - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
- application
Tenant Id This property is required. string - The tenant ID where the associated application is registered.
- client
Id This property is required. string - The application ID (client ID) for the associated application
- display
Name This property is required. string - The display name of the application associated with this service principal.
- object
Id This property is required. string - The object ID of the service principal.
- preferred
Single Sign On Mode This property is required. string - The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
- saml
Metadata Url This property is required. string - The URL where the service exposes SAML metadata for federation.
- service
Principal Names This property is required. string[] - A list of identifier URI(s), copied over from the associated application.
- sign
In Audience This property is required. string - The Microsoft account types that are supported for the associated application. Possible values include
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. This property is required. string[]- A list of tags applied to the service principal.
- type
This property is required. string - Identifies whether the service principal represents an application or a managed identity. Possible values include
ApplicationorManagedIdentity.
- account_
enabled This property is required. bool - Whether the service principal account is enabled.
- app_
role_ assignment_ required This property is required. bool - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
- application_
tenant_ id This property is required. str - The tenant ID where the associated application is registered.
- client_
id This property is required. str - The application ID (client ID) for the associated application
- display_
name This property is required. str - The display name of the application associated with this service principal.
- object_
id This property is required. str - The object ID of the service principal.
- preferred_
single_ sign_ on_ mode This property is required. str - The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
- saml_
metadata_ url This property is required. str - The URL where the service exposes SAML metadata for federation.
- service_
principal_ names This property is required. Sequence[str] - A list of identifier URI(s), copied over from the associated application.
- sign_
in_ audience This property is required. str - The Microsoft account types that are supported for the associated application. Possible values include
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. This property is required. Sequence[str]- A list of tags applied to the service principal.
- type
This property is required. str - Identifies whether the service principal represents an application or a managed identity. Possible values include
ApplicationorManagedIdentity.
- account
Enabled This property is required. Boolean - Whether the service principal account is enabled.
- app
Role Assignment Required This property is required. Boolean - Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
- application
Tenant Id This property is required. String - The tenant ID where the associated application is registered.
- client
Id This property is required. String - The application ID (client ID) for the associated application
- display
Name This property is required. String - The display name of the application associated with this service principal.
- object
Id This property is required. String - The object ID of the service principal.
- preferred
Single Sign On Mode This property is required. String - The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
- saml
Metadata Url This property is required. String - The URL where the service exposes SAML metadata for federation.
- service
Principal Names This property is required. List<String> - A list of identifier URI(s), copied over from the associated application.
- sign
In Audience This property is required. String - The Microsoft account types that are supported for the associated application. Possible values include
AzureADMyOrg,AzureADMultipleOrgs,AzureADandPersonalMicrosoftAccountorPersonalMicrosoftAccount. This property is required. List<String>- A list of tags applied to the service principal.
- type
This property is required. String - Identifies whether the service principal represents an application or a managed identity. Possible values include
ApplicationorManagedIdentity.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi