Follow these steps to enable the Azure tenant tasks to access Microsoft Azure using a service principal with certificate.


For more information see 

https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal


  • Ensure that a client certificate and private key that supports client authentication is installed on the machine running the XIA Configuration Client and that the certificate is accessible to the service account.



  • Export the public key of the client certificate in CER, PEM, or CRT format.

  • Logon to the Azure Portal as a user account with the sufficient permissions.

  • Go to Microsoft Entra ID > App Registrations > New Registration.

  • Enter an appropriate name for the application - for example "XIA Configuration Server".

  • For supported account types select
    Accounts in this organizational directory only

  • Do not specify a Redirect URI.

  • Click Register.

  • Make a note of the following values

    Application (client) ID
    Directory (tenant) ID

  • Go to Certificates & secrets > Certificates.

  • Click Upload Certificate.

  • Browse for the certificate and provide a description.



  • Copy and record the thumbprint.



  • Go to Azure Active Directory > Roles and Administrators > Global reader.



  • Click Add assignments and search for and select the service principal and click Add.


  • Go to Subscriptions and for each subscription select Access Control (IAM).

  • Click Add > Add role assignment and select the Reader role and click Next.

  • Add the service principal to the role.