How to create an Azure AD Application and Service Principal that uses certificate authentication

Microsoft Azure

Creating Azure AD Applications and Service Principals that use certificate based authentication is not quite as straightforward as you might expect.

The following article provides the instructions on how to do this https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal#create-service-principal-with-self-signed-certificate

However, what if you want to use multiple certificates using the KeyCredentials parameter to New-AzureRmAdApplication? In this case you might guess from the following article that you could create an array of objects of type

Microsoft.Azure.Commands.Resources.Models.ActiveDirectory.PSADKeyCredential

The problem is if you have a version of the Azure PowerShell module newer than 4.2.1, then the object will not have a type property as per this issue: https://github.com/Azure/azure-powershell/issues/4491

Assuming you don’t want to downgrade to version 4.2.1 how do you achieve this? Well the issue mentions the correct way of doing this is to use the New-AzureRmAdAppCredential cmdlet as shown in the example code below:

Leave a Reply