Microsoft Active Directory · Schema
ServicePrincipal
A Microsoft Entra service principal — the local tenant instance of an application
Active DirectoryAuthenticationAuthorizationDirectory ServicesIdentity ManagementMicrosoft EntraZero Trust
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the service principal object |
| appId | string | Application (client) ID of the associated application registration |
| displayName | string | Display name for the service principal |
| servicePrincipalType | string | Type of service principal |
| accountEnabled | booleannull | True if the service principal account is enabled |
| appRoles | array | Application roles exposed by the associated application |
| oauth2PermissionScopes | array | Delegated permission scopes exposed by the application |
| homepage | stringnull | Home page or landing page of the application |
| loginUrl | stringnull | URL to direct users for sign-in (for SP-initiated SAML SSO) |
| replyUrls | array | URLs where tokens are sent after authentication |
| tags | array | Strings that categorize the application |
| createdDateTime | stringnull |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/active-directory/main/json-schema/applications-service-principal-schema.json",
"title": "ServicePrincipal",
"description": "A Microsoft Entra service principal — the local tenant instance of an application",
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "Unique identifier for the service principal object",
"readOnly": true
},
"appId": {
"type": "string",
"format": "uuid",
"description": "Application (client) ID of the associated application registration"
},
"displayName": {
"type": "string",
"description": "Display name for the service principal"
},
"servicePrincipalType": {
"type": "string",
"description": "Type of service principal",
"enum": ["Application", "Legacy", "ManagedIdentity", "SocialIdp"]
},
"accountEnabled": {
"type": ["boolean", "null"],
"description": "True if the service principal account is enabled"
},
"appRoles": {
"type": "array",
"description": "Application roles exposed by the associated application",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"displayName": {
"type": "string"
},
"description": {
"type": "string"
},
"value": {
"type": "string"
},
"allowedMemberTypes": {
"type": "array",
"items": {
"type": "string",
"enum": ["User", "Application"]
}
},
"isEnabled": {
"type": "boolean"
}
}
}
},
"oauth2PermissionScopes": {
"type": "array",
"description": "Delegated permission scopes exposed by the application",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"adminConsentDisplayName": {
"type": "string"
},
"adminConsentDescription": {
"type": "string"
},
"userConsentDisplayName": {
"type": "string"
},
"value": {
"type": "string"
},
"type": {
"type": "string",
"enum": ["User", "Admin"]
},
"isEnabled": {
"type": "boolean"
}
}
}
},
"homepage": {
"type": ["string", "null"],
"format": "uri",
"description": "Home page or landing page of the application"
},
"loginUrl": {
"type": ["string", "null"],
"format": "uri",
"description": "URL to direct users for sign-in (for SP-initiated SAML SSO)"
},
"replyUrls": {
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "URLs where tokens are sent after authentication"
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"description": "Strings that categorize the application"
},
"createdDateTime": {
"type": ["string", "null"],
"format": "date-time",
"readOnly": true
}
}
}