{"id":14063554,"url":"https://github.com/tyconsulting/AzureServicePrincipalAccount-PS","last_synced_at":"2025-07-29T15:34:09.467Z","repository":{"id":53086213,"uuid":"106233987","full_name":"tyconsulting/AzureServicePrincipalAccount-PS","owner":"tyconsulting","description":"Azure Automation module that defines key (password) based Azure AD Service Principal connection asset and offers easier way to sign in to Azure using the service principals.","archived":false,"fork":false,"pushed_at":"2021-04-07T09:42:55.000Z","size":414,"stargazers_count":9,"open_issues_count":3,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-13T07:05:14.496Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tyconsulting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-09T03:46:14.000Z","updated_at":"2023-11-14T18:32:31.000Z","dependencies_parsed_at":"2022-09-12T12:11:30.904Z","dependency_job_id":null,"html_url":"https://github.com/tyconsulting/AzureServicePrincipalAccount-PS","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyconsulting%2FAzureServicePrincipalAccount-PS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyconsulting%2FAzureServicePrincipalAccount-PS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyconsulting%2FAzureServicePrincipalAccount-PS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyconsulting%2FAzureServicePrincipalAccount-PS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tyconsulting","download_url":"https://codeload.github.com/tyconsulting/AzureServicePrincipalAccount-PS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228028497,"owners_count":17858342,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-13T07:03:23.708Z","updated_at":"2024-12-04T01:31:00.560Z","avatar_url":"https://github.com/tyconsulting.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"# AzureServicePrincipalAccount PowerShell Module\n\n#### Module version history\n| Author | Date | Version | Comment |\n|:--- | :---: | :---: | :---\nTao Yang | 06/10/2017 | 1.0.1 | Initial release\nTao Yang | 23/10/2017 | 1.1.0 | Added Get-AzureADToken function\nTao Yang | 31/10/2017 | 1.2.0 | Get-AzureADToken added support for user principals\nTao Yang | 20/11/2017 | 1.3.0 | Get-AzureADToken added support for interactive user logins (ideally for MFA-Enabled users)\nTao Yang | 21/11/2017 | 1.4.0 | Get-AzureADToken added support for passing in user name for interactive user logins (ideally for MFA-Enabled users)\nTao Yang | 04/02/2018 | 1.5.0 | Get-AzureADToken added support for certificate-based Azure AD Service Principals\nTao Yang | 18/04/2019 | 2.0.0 | Updated the module to use the new Az PowerShell module. **Do not use this version if you are still using AzureRM modules.**\nTao Yang | 07/04/2021 | 2.1.0 | Added Microsoft.IdentityModel.Clients.ActiveDirectory.dll to the module since the Az PowerShell module no longer uses it.\n\n## Introduction\nThe **AzureServicePrincipalAccount** Powershell module is designed to simplify the Azure Sign-In process within the Azure Automation accounts using Azure AD Service Principals.\n\n### Add-AzServicePrincipalAccount\n\nBy the default, the Azure AD Service Principal connection type provided by Azure Automation accounts only supports certificate-based Azure AD Service Principals. This module provides an additional connection type for key-based Service Principals:\n\n![](images/connectiontype.png)\n\nWhen you are using an Azure service principal connection defined in your automation account, no matter whether you use the built-in certificate-based connection, or the key-based connection defined in this module, you can simply use an unique command to sign-in to your Azure subscription:\n~~~PowerShell\nAdd-AzServicePrincipalAccount -AzureServicePrincipalConnection $AzureSPConnection\n~~~\n\n#### Sample PowerShell Runbook\n~~~PowerShell\n[CmdletBinding()]\nParam(\n  [String]$ConnectioNName\n)\n\n$AzureSPConnection = Get-AutomationConnection -Name $ConnectioNName\n\nIf ($AzureSPConnection)\n{\n  $Login = Add-AzServicePrincipalAccount -AzureServicePrincipalConnection $AzureSPConnection\n  $Login.Context\n} else {\n  Write-Error \"Connection asset '$ConnectionName' does not exist in this Automation account.\"\n}\n~~~\n\n### Get-AzureADToken\n\n**Get-AzureADToken** is a generic function that provides a simplified way to generate Azure AD oAuth2 token for accessing various Azure resources. You access the help file in PowerShell:\n~~~PowerShell\nGet-help Get-AzureADToken -Full\n~~~\n\nIt is a known issue that when executing a runbook on Azure runbook workers, you cannot use a credential-based security principal (including user principals and key-based service principals). When using a key-based Service Principal, an alternative is to use Azure Resource Manager REST API directly (instead of using AzureRM PowerShell modules). You can use Get-AzureADToken to generate appropriate oAuth token for the REST API calls. The Azure Resource Manager REST API is fully documented here: [https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-rest-api](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-rest-api)\n\n\u003e**Note:** this issue is documented here: [https://github.com/Azure/azure-powershell/issues/2067](https://github.com/Azure/azure-powershell/issues/2067) and here: [https://feedback.azure.com/forums/246290-automation/suggestions/16304161-add-azurermaccount-doesn-t-work-with-service-princ](https://feedback.azure.com/forums/246290-automation/suggestions/16304161-add-azurermaccount-doesn-t-work-with-service-princ)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftyconsulting%2FAzureServicePrincipalAccount-PS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftyconsulting%2FAzureServicePrincipalAccount-PS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftyconsulting%2FAzureServicePrincipalAccount-PS/lists"}