Authenticating against Azure AD for system processes


  • I'd like to be able to make requests against Azure AD using the API, however this only seems possible with OAuth credentials.

    What I would like to do is:
    a) Some scheduled process starts up, and decides it needs to create some new users in Azure AD.

    b) Makes a request to Azure AD using pre-existing API tokens (no user interaction)

    c) Is able to add and remove users from AD, setting their security groups.

    The interaction with AD to create/destroy users seems fine, but I cannot understand how to do authentication without a user being present and going through an OAuth loop. Can anyone point me at some documentation that details how to authenticate requests in this way?

    Tuesday, April 18, 2017 11:12 AM

All replies

  • To programmatically authenticate to AAD you need to be using a service principal, rather than using a normal user. The service principal is effectively the identity of your application. See this document for more details on the architecture of service principals and this document on how to actually create and use one.

    Authentication with a SP can either be via username/password or certificate.

    Sam Cogan Microsoft Azure MVP
    Blog | Twitter

    • Proposed as answer by SamCoganMVP Monday, April 24, 2017 2:50 PM
    Tuesday, April 18, 2017 1:55 PM
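The flow the answer describes, written out as an added example (not code from the thread or from Microsoft): the scheduled process authenticates as a service principal with the OAuth 2.0 client credentials grant (the "username/password" variant, i.e. app ID plus client secret) against the Azure AD v2.0 token endpoint, then calls Microsoft Graph to create a user and change group membership. Only the standard library is used. The tenant ID, client ID, secret and group ID are placeholders; the transport is injectable so the flow can be exercised offline against a constructed token. One check a practitioner wants before the job touches the directory is that the token actually carries the application permissions the job needs: for an app-only token these appear in the `roles` claim (delegated permissions would be in `scp`), and they exist only after an admin has consented to them on the app registration. The claim inspection below decodes the JWT payload without verifying its signature; it is a sanity check on what Azure AD issued, not token validation.

```python
"""Service-principal (client credentials) auth to Azure AD, then Microsoft Graph
calls, with no user present. Added example; IDs and secret are placeholders."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH = "https://graph.microsoft.com/v1.0"


def build_token_request(tenant_id, client_id, client_secret):
    """POST for the client_credentials grant. The `.default` scope asks for every
    application permission already consented to this app registration."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(
        TOKEN_URL.format(tenant=tenant_id), data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def default_transport(req):
    """Send the request and return the parsed JSON body, including AAD's
    JSON error body on a 4xx response (e.g. invalid_client)."""
    try:
        with urllib.request.urlopen(req) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return json.loads(err.read())


def get_app_token(tenant_id, client_id, client_secret, transport=default_transport):
    resp = transport(build_token_request(tenant_id, client_id, client_secret))
    if "access_token" not in resp:
        raise RuntimeError(f"token request failed: {resp.get('error')}: "
                           f"{resp.get('error_description')}")
    return resp["access_token"]


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def app_roles(access_token):
    """Application permissions granted to the SP are listed in the `roles` claim
    of an app-only token. This only decodes the payload; it does NOT verify the
    signature, so use it to inspect what was issued, not to trust a token."""
    claims = json.loads(_b64url_decode(access_token.split(".")[1]))
    return set(claims.get("roles", []))


def require_roles(access_token, needed):
    """Fail fast if admin consent for a required application permission is missing."""
    missing = set(needed) - app_roles(access_token)
    if missing:
        raise PermissionError(f"token lacks application permissions: {sorted(missing)}")
    return True


def graph_request(access_token, method, path, body=None):
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        GRAPH + path, data=data, method=method,
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})


def create_user_request(token, upn, display_name, initial_password):
    return graph_request(token, "POST", "/users", {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": upn.split("@")[0],
        "userPrincipalName": upn,
        "passwordProfile": {"forceChangePasswordNextSignIn": True,
                            "password": initial_password},
    })


def add_to_group_request(token, group_id, user_id):
    return graph_request(token, "POST", f"/groups/{group_id}/members/$ref",
                         {"@odata.id": f"{GRAPH}/directoryObjects/{user_id}"})


def remove_from_group_request(token, group_id, user_id):
    return graph_request(token, "DELETE", f"/groups/{group_id}/members/{user_id}/$ref")


def fake_token(roles):
    """Constructed, unsigned app-only token for offline demonstration only."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256', 'typ': 'JWT'})}.{seg({'roles': roles})}.sig"


if __name__ == "__main__":
    # Offline run: swap the fake transport for default_transport against a real tenant.
    token = get_app_token("<tenant-id>", "<client-id>", "<client-secret>",
                          transport=lambda req: {"access_token": fake_token(["User.ReadWrite.All"])})
    require_roles(token, ["User.ReadWrite.All"])
    req = create_user_request(token, "alice@contoso.onmicrosoft.com", "Alice", "<initial-pw>")
    print(req.get_method(), req.full_url)
```

To run it for real, replace the lambda with `default_transport`, grant the app registration the `User.ReadWrite.All` and `GroupMember.ReadWrite.All` application permissions with admin consent, and pass each request object to `urllib.request.urlopen`. The certificate variant the answer mentions replaces `client_secret` in the token POST with a signed JWT client assertion; the Graph calls are unchanged.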