pac cli Service Principal

There are several reasons to use a Service Principal for Dataverse e.g., running

• a dataverse flow
• Pipelines / Microsoft Power PLatform Build Tools for Azure DevOps
• …

The service principal is a non-interactive user-account which often runs with higher permissions. In addition, this is not an account which can be used by a user to log-in and it is not a named user-account.

With the pac command you can list and create service principals which are available in your tenant very easily.

While the command

pac admin list-service-principal

will prvide you a list of service principals in your tenant with information about App ID Secret Expiry date and name,

the command

pac admin create-service-principal

needs additional information to create the service principal.

You need to specify at least the environment as GUID or absolute URL and the name which the newly created service principal should have. By default the ‘System Administrator’ Security Role will be ssigned, but you can also specify a different role that should be assigned in your environment.

The command will then look like:

pac admin create-service-principal -env 325c8b4d-ab11-cd22-3e45-6789fg01234h -n Blogpost -r ‘System Administrator’

Benefit of the Power Platform Tool in vscode is, that you can directly access environment information by right click on the environment, so you do not need to run a pac command to list the environments.

Once the service principal has been created, all relevant information regarding the Service Principal will be displayed:

• Tenant ID,
• Application ID,
• Service Principal ID,
• Client Secret,
• Client Secret Expiration,
• System User ID

Store the information for later usage.