Also known as Enterprise Applications, a service principal (SPN) is "...An application whose tokens can be used to authenticate and grant access to specific Azure resources from a user-app, service or automation tool, when an organization is using Azure Active Directory…"

In essence, a service principal is similar to an on-premises Active Directory service account, in that it is used to manage authentication between a service and Azure resources.

A security principal defines access policies and permissions for users (user principals) or apps (service principals) in Microsoft Entra ID.

There are three types of service principals:

- [[Enterprise Application]]
- [[Managed Identity]]
- Legacy

Typical use cases for a service principal include running [[Terraform]] IaC (Infrastructure as Code) deployments, or using [[Azure DevOps]], where you define a [[Service Connection]] from [[Azure Pipelines]] to Azure. More generally, it covers any third-party application that requires an authentication token to connect to Azure resources.

## Resources

[Design service principals for applications - Training | Microsoft Learn](https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/9-two-design-service-principals)
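
## Example: inventory by service principal type

An added example, not part of the original note or of Microsoft's documentation: it groups service principals by the three types listed above using the Microsoft Graph `servicePrincipalType` property, and flags client secrets that are expired or long-lived. The sample JSON is constructed, and the type labels and the 180-day threshold are assumptions made for this illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like a Microsoft Graph GET /servicePrincipals response.
SAMPLE = json.loads("""
{"value": [
 {"displayName": "terraform-deploy", "servicePrincipalType": "Application",
  "passwordCredentials": [{"endDateTime": "2027-06-01T00:00:00Z"}]},
 {"displayName": "ado-service-connection", "servicePrincipalType": "Application",
  "passwordCredentials": [{"endDateTime": "2024-01-15T00:00:00.1234567Z"}]},
 {"displayName": "vm-backup-identity", "servicePrincipalType": "ManagedIdentity",
  "passwordCredentials": []},
 {"displayName": "old-acs-app", "servicePrincipalType": "Legacy",
  "passwordCredentials": []}
]}
""")

# Assumed mapping from Graph servicePrincipalType values to the names used in this note.
TYPE_LABELS = {"Application": "Enterprise Application",
               "ManagedIdentity": "Managed Identity",
               "Legacy": "Legacy"}

def parse_ts(value):
    # Drop the trailing "Z" and any fractional seconds, then treat the value as UTC.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(service_principals, now, max_lifetime_days=180):
    """Group principals by type; flag secrets that are expired or valid too long."""
    by_type, findings = defaultdict(list), []
    for sp in service_principals:
        label = TYPE_LABELS.get(sp.get("servicePrincipalType"), "Other")
        by_type[label].append(sp["displayName"])
        for cred in sp.get("passwordCredentials") or []:
            if not cred.get("endDateTime"):
                continue  # no expiry recorded; nothing to compare
            end = parse_ts(cred["endDateTime"])
            if end <= now:
                findings.append((sp["displayName"], "expired secret"))
            elif end - now > timedelta(days=max_lifetime_days):
                findings.append((sp["displayName"], f"secret valid > {max_lifetime_days} days"))
    return dict(by_type), findings

if __name__ == "__main__":
    groups, issues = audit(SAMPLE["value"], datetime.now(timezone.utc))
    for label, names in groups.items():
        print(f"{label}: {', '.join(names)}")
    for name, issue in issues:
        print(f"FLAG {name}: {issue}")
```

Managed identities appear in the inventory without secrets to review, because Azure handles their credentials.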