To access Azure resources, Azure provides the concept of a service principal identity, which can be created for use with applications and automated tools. A service principal is assigned to various roles to grant access to resources in a controlled manner. It is recommended that applications and other tools access Azure resources through a service principal rather than through a user identity.
You can create a service principal by following Create an Azure Service Principal.
These service principals are non-interactive Azure accounts. As with any other user, their permissions are managed in Azure Active Directory.
We will use the OAuth 2.0 Client Credentials Grant Flow, which permits a web service (confidential client) to use its own credentials (the service principal) instead of impersonating a user when authenticating to another web service.
- The client application authenticates to the Azure AD token issuance endpoint and requests an access token.
- The Azure AD token issuance endpoint issues the access token.
- The access token is used to authenticate to the secured resource.
- Data from the secured resource is returned to the client application.
Open Postman and create a Collection. Add a GET request:
>> Create a GET OAuth2 token request to get the access_token. Use this URL: https://login.microsoftonline.com/{{directoryId}}/oauth2/token
Create an environment variable ‘directoryId’ and assign it a value; {{directoryId}} will be replaced with your account's directory ID. You can get this directory ID from AAD –> Properties as shown below.
>> Add parameters in the Body as shown in the screenshot and assign them the values you noted while creating the Service Principal. The value of grant_type will be ‘client_credentials’, and resource will be set according to which resource needs to be accessed, e.g. https://vault.azure.net or https://management.azure.com, as shown in the screenshot above.
>> Create a Global variable “access_token” (that way it can be accessed across collections) and paste the statements below into the Tests tab as shown:
// Parse the JSON token response and store the returned access_token as a Postman global variable
var data = JSON.parse(responseBody);
postman.setGlobalVariable("access_token", data.access_token);
>> Click Send; the script will parse the response and save the “access_token” value returned in the response.
>> The service principal is now authenticated, and the access_token can be used in requests to access the resource.
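As an added example that is not part of the original post, the same exchange in plain Node.js: it builds the token request the Postman steps describe (sent as a POST with a form-encoded body, which is what the token endpoint expects) and checks the returned token's audience and expiry before handing it back for storage. The directory, client and secret values are placeholders, and the response is a constructed sample containing an unsigned JWT.

```javascript
// Added example (not from the original post). Builds the client-credentials
// token request and validates the token that comes back. Runs offline against
// a constructed sample response; no real tenant or secret is used.

// Build the POST to the v1 token endpoint. The client_secret goes only in the
// form body, never in the URL, so it does not land in proxy or access logs.
function buildTokenRequest(directoryId, clientId, clientSecret, resource) {
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    resource: resource,
  });
  return {
    method: 'POST',
    url: `https://login.microsoftonline.com/${directoryId}/oauth2/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Decode a JWT payload without verifying the signature. This is only a
// client-side sanity check; the resource server verifies the signature.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Parse the token response, reject error responses, and confirm the token is
// for the requested resource and not yet expired before returning it.
function extractAccessToken(responseBody, expectedResource, nowSeconds) {
  const data = JSON.parse(responseBody);
  if (data.error) throw new Error(`token request failed: ${data.error}`);
  const claims = decodeJwtPayload(data.access_token);
  const norm = (s) => s.replace(/\/$/, ''); // aud may carry a trailing slash
  if (norm(claims.aud) !== norm(expectedResource)) {
    throw new Error(`token audience ${claims.aud} is not ${expectedResource}`);
  }
  if (claims.exp <= nowSeconds) throw new Error('token already expired');
  return data.access_token;
}

// Constructed sample response: a fake JWT with a placeholder signature segment.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const fakeJwt = (claims) => `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}.sig`;
const SAMPLE_RESPONSE = JSON.stringify({
  token_type: 'Bearer', expires_in: '3599',
  access_token: fakeJwt({ aud: 'https://vault.azure.net', exp: 1700003600 }),
});
```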