Microsoft Entra · Schema
ServicePrincipal
Represents an instance of an application in a tenant. The service principal is the local representation used for sign-in and access to resources. It inherits certain properties from the application object.
Tags: Access Management, Authentication, Azure AD, Entra, Identity, Identity Governance, Microsoft, Network Security, Security, Zero Trust
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the service principal (GUID) |
| appId | string | The unique identifier for the associated application (application's appId). Required on create. |
| displayName | string | The display name for the service principal |
| description | string or null | Description of the service principal's function |
| servicePrincipalType | string | Identifies whether the service principal represents an application, a managed identity, a legacy app, or a social identity provider. Allowed values: Application, ManagedIdentity, Legacy, SocialIdp. |
| appDisplayName | string | The display name exposed by the associated application |
| appOwnerOrganizationId | string or null | Contains the tenant ID where the application is registered |
| accountEnabled | boolean | true if the service principal account is enabled; false otherwise |
| homepage | string or null | Home page or landing page of the application |
| loginUrl | string or null | URL where the service provider redirects the user to Microsoft Entra ID to authenticate (SAML sign-on) |
| logoutUrl | string or null | URL used by Microsoft's authorization service to sign out a user |
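| replyUrls | array | URLs to which user tokens are sent for sign-in, or redirect URIs to which authorization codes and access tokens are sent. Because tokens and codes are delivered to these addresses, every entry should be one the application owner controls. |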
| servicePrincipalNames | array | Contains the list of identifierUris copied from the associated application plus the appId |
| tags | array | Custom strings used to categorize and identify the service principal. Values include WindowsAzureActiveDirectoryIntegratedApp. |
| appRoles | array | The roles exposed by the application that this service principal represents |
| oauth2PermissionScopes | array | The delegated permission scopes exposed by the application |
| appRoleAssignmentRequired | boolean | If true, users and other service principals must first be granted an app role assignment before they can sign in or obtain tokens. Defaults to false, meaning no assignment is required. |
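| keyCredentials | array | Collection of certificate (key) credentials associated with the service principal. Each entry is a credential the service principal can authenticate with, so additions and changes should be reviewed and audited. |
| passwordCredentials | array | Collection of password (client secret) credentials associated with the service principal. Each entry is a credential the service principal can authenticate with, so additions and changes should be reviewed and audited. |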
| createdDateTime | string or null | Date and time the service principal was created |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/ServicePrincipal",
"title": "ServicePrincipal",
"type": "object",
"description": "Represents an instance of an application in a tenant. The service principal is the local representation used for sign-in and access to resources. It inherits certain properties from the application object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "Unique identifier for the service principal (GUID)",
"example": "abc123"
},
"appId": {
"type": "string",
"description": "The unique identifier for the associated application (application's appId). Required on create.",
"example": "500123"
},
"displayName": {
"type": "string",
"description": "The display name for the service principal",
"example": "example_value"
},
"description": {
"type": [
"string",
"null"
],
"description": "Description of the service principal's function",
"example": "A sample description."
},
"servicePrincipalType": {
"type": "string",
"description": "Identifies whether the service principal represents an application, a managed identity, a legacy app, or a social identity provider",
"enum": [
"Application",
"ManagedIdentity",
"Legacy",
"SocialIdp"
],
"example": "Application"
},
"appDisplayName": {
"type": "string",
"readOnly": true,
"description": "The display name exposed by the associated application",
"example": "example_value"
},
"appOwnerOrganizationId": {
"type": [
"string",
"null"
],
"format": "uuid",
"readOnly": true,
"description": "Contains the tenant ID where the application is registered",
"example": "500123"
},
"accountEnabled": {
"type": "boolean",
"description": "true if the service principal account is enabled; false otherwise",
"default": true,
"example": true
},
"homepage": {
"type": [
"string",
"null"
],
"description": "Home page or landing page of the application",
"format": "uri",
"example": "https://www.example.com"
},
"loginUrl": {
"type": [
"string",
"null"
],
"description": "URL where the service provider redirects the user to Microsoft Entra ID to authenticate (SAML sign-on)",
"format": "uri",
"example": "https://www.example.com"
},
"logoutUrl": {
"type": [
"string",
"null"
],
"description": "URL used by Microsoft's authorization service to sign out a user",
"format": "uri",
"example": "https://www.example.com"
},
"replyUrls": {
"type": "array",
"description": "URLs where user tokens are sent for sign-in or redirect URIs for authorization codes and access tokens",
"items": {
"type": "string"
},
"example": "https://www.example.com"
},
"servicePrincipalNames": {
"type": "array",
"description": "Contains the list of identifierUris copied from the associated application plus the appId",
"items": {
"type": "string"
},
"example": []
},
"tags": {
"type": "array",
"description": "Custom strings used to categorize and identify the service principal. Values include WindowsAzureActiveDirectoryIntegratedApp.",
"items": {
"type": "string"
},
"example": []
},
"appRoles": {
"type": "array",
"readOnly": true,
"description": "The roles exposed by the application that this service principal represents",
"items": {
"$ref": "#/components/schemas/AppRole"
},
"example": []
},
"oauth2PermissionScopes": {
"type": "array",
"readOnly": true,
"description": "The delegated permission scopes exposed by the application",
"items": {
"$ref": "#/components/schemas/PermissionScope"
},
"example": []
},
"appRoleAssignmentRequired": {
"type": "boolean",
"description": "If true, users and other service principals must first be granted an app role assignment before they can sign in or obtain tokens",
"default": false,
"example": true
},
"keyCredentials": {
"type": "array",
"description": "Collection of certificate credentials",
"items": {
"$ref": "#/components/schemas/KeyCredential"
},
"example": []
},
"passwordCredentials": {
"type": "array",
"description": "Collection of password credentials",
"items": {
"$ref": "#/components/schemas/PasswordCredential"
},
"example": []
},
"createdDateTime": {
"type": [
"string",
"null"
],
"format": "date-time",
"readOnly": true,
"description": "Date and time the service principal was created",
"example": "2026-01-15T10:30:00Z"
}
}
}