Azure Active Directory (Azure AD) v6.7.0, Nov 5 25

Azure Active Directory (Azure AD) v6.7.0 published on Wednesday, Nov 5, 2025 by Pulumi

azuread.getServicePrincipals

Start a Neo task

Explain and create an azuread.getServicePrincipals resource

Azure Active Directory (Azure AD) v6.7.0 published on Wednesday, Nov 5, 2025 by Pulumi

pulumi/pulumi-azuread

API Permissions

The following API permissions are required in order to use this data source.

When authenticated with a service principal, this data source requires one of the following application roles: Application.Read.All or Directory.Read.All

When authenticated with a user principal, this data source does not require any additional roles.

Example Usage

Look up by application display names

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = azuread.getServicePrincipals({
    displayNames: [
        "example-app",
        "another-app",
    ],
});

import pulumi
import pulumi_azuread as azuread

example = azuread.get_service_principals(display_names=[
    "example-app",
    "another-app",
])

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetServicePrincipals(ctx, &azuread.GetServicePrincipalsArgs{
			DisplayNames: []string{
				"example-app",
				"another-app",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var example = AzureAD.GetServicePrincipals.Invoke(new()
    {
        DisplayNames = new[]
        {
            "example-app",
            "another-app",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()
            .displayNames(            
                "example-app",
                "another-app")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: azuread:getServicePrincipals
      arguments:
        displayNames:
          - example-app
          - another-app

Look up by application IDs (client IDs)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = azuread.getServicePrincipals({
    clientIds: [
        "11111111-0000-0000-0000-000000000000",
        "22222222-0000-0000-0000-000000000000",
        "33333333-0000-0000-0000-000000000000",
    ],
});

import pulumi
import pulumi_azuread as azuread

example = azuread.get_service_principals(client_ids=[
    "11111111-0000-0000-0000-000000000000",
    "22222222-0000-0000-0000-000000000000",
    "33333333-0000-0000-0000-000000000000",
])

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetServicePrincipals(ctx, &azuread.GetServicePrincipalsArgs{
			ClientIds: []string{
				"11111111-0000-0000-0000-000000000000",
				"22222222-0000-0000-0000-000000000000",
				"33333333-0000-0000-0000-000000000000",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var example = AzureAD.GetServicePrincipals.Invoke(new()
    {
        ClientIds = new[]
        {
            "11111111-0000-0000-0000-000000000000",
            "22222222-0000-0000-0000-000000000000",
            "33333333-0000-0000-0000-000000000000",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()
            .clientIds(            
                "11111111-0000-0000-0000-000000000000",
                "22222222-0000-0000-0000-000000000000",
                "33333333-0000-0000-0000-000000000000")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: azuread:getServicePrincipals
      arguments:
        clientIds:
          - 11111111-0000-0000-0000-000000000000
          - 22222222-0000-0000-0000-000000000000
          - 33333333-0000-0000-0000-000000000000

Look up by service principal object IDs

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = azuread.getServicePrincipals({
    objectIds: [
        "00000000-0000-0000-0000-000000000000",
        "00000000-0000-0000-0000-111111111111",
        "00000000-0000-0000-0000-222222222222",
    ],
});

import pulumi
import pulumi_azuread as azuread

example = azuread.get_service_principals(object_ids=[
    "00000000-0000-0000-0000-000000000000",
    "00000000-0000-0000-0000-111111111111",
    "00000000-0000-0000-0000-222222222222",
])

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetServicePrincipals(ctx, &azuread.GetServicePrincipalsArgs{
			ObjectIds: []string{
				"00000000-0000-0000-0000-000000000000",
				"00000000-0000-0000-0000-111111111111",
				"00000000-0000-0000-0000-222222222222",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var example = AzureAD.GetServicePrincipals.Invoke(new()
    {
        ObjectIds = new[]
        {
            "00000000-0000-0000-0000-000000000000",
            "00000000-0000-0000-0000-111111111111",
            "00000000-0000-0000-0000-222222222222",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()
            .objectIds(            
                "00000000-0000-0000-0000-000000000000",
                "00000000-0000-0000-0000-111111111111",
                "00000000-0000-0000-0000-222222222222")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: azuread:getServicePrincipals
      arguments:
        objectIds:
          - 00000000-0000-0000-0000-000000000000
          - 00000000-0000-0000-0000-111111111111
          - 00000000-0000-0000-0000-222222222222

Using getServicePrincipals

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getServicePrincipals(args: GetServicePrincipalsArgs, opts?: InvokeOptions): Promise<GetServicePrincipalsResult>
function getServicePrincipalsOutput(args: GetServicePrincipalsOutputArgs, opts?: InvokeOptions): Output<GetServicePrincipalsResult>

def get_service_principals(client_ids: Optional[Sequence[str]] = None,
                           display_names: Optional[Sequence[str]] = None,
                           ignore_missing: Optional[bool] = None,
                           object_ids: Optional[Sequence[str]] = None,
                           return_all: Optional[bool] = None,
                           opts: Optional[InvokeOptions] = None) -> GetServicePrincipalsResult
def get_service_principals_output(client_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                           display_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                           ignore_missing: Optional[pulumi.Input[bool]] = None,
                           object_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                           return_all: Optional[pulumi.Input[bool]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetServicePrincipalsResult]

func GetServicePrincipals(ctx *Context, args *GetServicePrincipalsArgs, opts ...InvokeOption) (*GetServicePrincipalsResult, error)
func GetServicePrincipalsOutput(ctx *Context, args *GetServicePrincipalsOutputArgs, opts ...InvokeOption) GetServicePrincipalsResultOutput

> Note: This function is named GetServicePrincipals in the Go SDK.

public static class GetServicePrincipals 
{
    public static Task<GetServicePrincipalsResult> InvokeAsync(GetServicePrincipalsArgs args, InvokeOptions? opts = null)
    public static Output<GetServicePrincipalsResult> Invoke(GetServicePrincipalsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetServicePrincipalsResult> getServicePrincipals(GetServicePrincipalsArgs args, InvokeOptions options)
public static Output<GetServicePrincipalsResult> getServicePrincipals(GetServicePrincipalsArgs args, InvokeOptions options)

fn::invoke:
  function: azuread:index/getServicePrincipals:getServicePrincipals
  arguments:
    # arguments dictionary

The following arguments are supported:

ClientIds List<string>: A list of client IDs of the applications associated with the service principals.
DisplayNames List<string>: A list of display names of the applications associated with the service principals.
IgnoreMissing bool: Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
ObjectIds List<string>: The object IDs of the service principals.
ReturnAll bool: When true, the data source will return all service principals. Cannot be used with ignore_missing. Defaults to false.
Either return_all, or one of client_ids, display_names or object_ids must be specified. These may be specified as an empty list, in which case no results will be returned.

ClientIds []string: A list of client IDs of the applications associated with the service principals.
DisplayNames []string: A list of display names of the applications associated with the service principals.
IgnoreMissing bool: Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
ObjectIds []string: The object IDs of the service principals.
ReturnAll bool: When true, the data source will return all service principals. Cannot be used with ignore_missing. Defaults to false.
Either return_all, or one of client_ids, display_names or object_ids must be specified. These may be specified as an empty list, in which case no results will be returned.

clientIds List<String>: A list of client IDs of the applications associated with the service principals.
displayNames List<String>: A list of display names of the applications associated with the service principals.
ignoreMissing Boolean: Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
objectIds List<String>: The object IDs of the service principals.
returnAll Boolean: When true, the data source will return all service principals. Cannot be used with ignore_missing. Defaults to false.
Either return_all, or one of client_ids, display_names or object_ids must be specified. These may be specified as an empty list, in which case no results will be returned.

clientIds string[]: A list of client IDs of the applications associated with the service principals.
displayNames string[]: A list of display names of the applications associated with the service principals.
ignoreMissing boolean: Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
objectIds string[]: The object IDs of the service principals.
returnAll boolean: When true, the data source will return all service principals. Cannot be used with ignore_missing. Defaults to false.
Either return_all, or one of client_ids, display_names or object_ids must be specified. These may be specified as an empty list, in which case no results will be returned.

client_ids Sequence[str]: A list of client IDs of the applications associated with the service principals.
display_names Sequence[str]: A list of display names of the applications associated with the service principals.
ignore_missing bool: Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
object_ids Sequence[str]: The object IDs of the service principals.
return_all bool: When true, the data source will return all service principals. Cannot be used with ignore_missing. Defaults to false.
Either return_all, or one of client_ids, display_names or object_ids must be specified. These may be specified as an empty list, in which case no results will be returned.

clientIds List<String>: A list of client IDs of the applications associated with the service principals.
displayNames List<String>: A list of display names of the applications associated with the service principals.
ignoreMissing Boolean: Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.
objectIds List<String>: The object IDs of the service principals.
returnAll Boolean: When true, the data source will return all service principals. Cannot be used with ignore_missing. Defaults to false.
Either return_all, or one of client_ids, display_names or object_ids must be specified. These may be specified as an empty list, in which case no results will be returned.

getServicePrincipals Result

The following output properties are available:

ClientIds List<string>: The client ID of the application associated with this service principal.
DisplayNames List<string>: A list of display names of the applications associated with the service principals.
Id string: The provider-assigned unique ID for this managed resource.
ObjectIds List<string>: The object IDs of the service principals.
ServicePrincipals List<Pulumi.AzureAD.Outputs.GetServicePrincipalsServicePrincipal>: A list of service principals. Each service_principal object provides the attributes documented below.
IgnoreMissing bool
ReturnAll bool

ClientIds []string: The client ID of the application associated with this service principal.
DisplayNames []string: A list of display names of the applications associated with the service principals.
Id string: The provider-assigned unique ID for this managed resource.
ObjectIds []string: The object IDs of the service principals.
ServicePrincipals []GetServicePrincipalsServicePrincipal: A list of service principals. Each service_principal object provides the attributes documented below.
IgnoreMissing bool
ReturnAll bool

clientIds List<String>: The client ID of the application associated with this service principal.
displayNames List<String>: A list of display names of the applications associated with the service principals.
id String: The provider-assigned unique ID for this managed resource.
objectIds List<String>: The object IDs of the service principals.
servicePrincipals List<GetServicePrincipalsServicePrincipal>: A list of service principals. Each service_principal object provides the attributes documented below.
ignoreMissing Boolean
returnAll Boolean

clientIds string[]: The client ID of the application associated with this service principal.
displayNames string[]: A list of display names of the applications associated with the service principals.
id string: The provider-assigned unique ID for this managed resource.
objectIds string[]: The object IDs of the service principals.
servicePrincipals GetServicePrincipalsServicePrincipal[]: A list of service principals. Each service_principal object provides the attributes documented below.
ignoreMissing boolean
returnAll boolean

client_ids Sequence[str]: The client ID of the application associated with this service principal.
display_names Sequence[str]: A list of display names of the applications associated with the service principals.
id str: The provider-assigned unique ID for this managed resource.
object_ids Sequence[str]: The object IDs of the service principals.
service_principals Sequence[GetServicePrincipalsServicePrincipal]: A list of service principals. Each service_principal object provides the attributes documented below.
ignore_missing bool
return_all bool

clientIds List<String>: The client ID of the application associated with this service principal.
displayNames List<String>: A list of display names of the applications associated with the service principals.
id String: The provider-assigned unique ID for this managed resource.
objectIds List<String>: The object IDs of the service principals.
servicePrincipals List<Property Map>: A list of service principals. Each service_principal object provides the attributes documented below.
ignoreMissing Boolean
returnAll Boolean

Supporting Types

GetServicePrincipalsServicePrincipal

AccountEnabled bool: Whether the service principal account is enabled.
AppRoleAssignmentRequired bool: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
ApplicationTenantId string: The tenant ID where the associated application is registered.
ClientId string: The application ID (client ID) for the associated application
DisplayName string: The display name of the application associated with this service principal.
ObjectId string: The object ID of the service principal.
PreferredSingleSignOnMode string: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
SamlMetadataUrl string: The URL where the service exposes SAML metadata for federation.
ServicePrincipalNames List<string>: A list of identifier URI(s), copied over from the associated application.
SignInAudience string: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
Tags List<string>: A list of tags applied to the service principal.
Type string: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity.

AccountEnabled bool: Whether the service principal account is enabled.
AppRoleAssignmentRequired bool: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
ApplicationTenantId string: The tenant ID where the associated application is registered.
ClientId string: The application ID (client ID) for the associated application
DisplayName string: The display name of the application associated with this service principal.
ObjectId string: The object ID of the service principal.
PreferredSingleSignOnMode string: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
SamlMetadataUrl string: The URL where the service exposes SAML metadata for federation.
ServicePrincipalNames []string: A list of identifier URI(s), copied over from the associated application.
SignInAudience string: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
Tags []string: A list of tags applied to the service principal.
Type string: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity.

accountEnabled Boolean: Whether the service principal account is enabled.
appRoleAssignmentRequired Boolean: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
applicationTenantId String: The tenant ID where the associated application is registered.
clientId String: The application ID (client ID) for the associated application
displayName String: The display name of the application associated with this service principal.
objectId String: The object ID of the service principal.
preferredSingleSignOnMode String: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
samlMetadataUrl String: The URL where the service exposes SAML metadata for federation.
servicePrincipalNames List<String>: A list of identifier URI(s), copied over from the associated application.
signInAudience String: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
tags List<String>: A list of tags applied to the service principal.
type String: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity.

accountEnabled boolean: Whether the service principal account is enabled.
appRoleAssignmentRequired boolean: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
applicationTenantId string: The tenant ID where the associated application is registered.
clientId string: The application ID (client ID) for the associated application
displayName string: The display name of the application associated with this service principal.
objectId string: The object ID of the service principal.
preferredSingleSignOnMode string: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
samlMetadataUrl string: The URL where the service exposes SAML metadata for federation.
servicePrincipalNames string[]: A list of identifier URI(s), copied over from the associated application.
signInAudience string: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
tags string[]: A list of tags applied to the service principal.
type string: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity.

account_enabled bool: Whether the service principal account is enabled.
app_role_assignment_required bool: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
application_tenant_id str: The tenant ID where the associated application is registered.
client_id str: The application ID (client ID) for the associated application
display_name str: The display name of the application associated with this service principal.
object_id str: The object ID of the service principal.
preferred_single_sign_on_mode str: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
saml_metadata_url str: The URL where the service exposes SAML metadata for federation.
service_principal_names Sequence[str]: A list of identifier URI(s), copied over from the associated application.
sign_in_audience str: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
tags Sequence[str]: A list of tags applied to the service principal.
type str: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity.

accountEnabled Boolean: Whether the service principal account is enabled.
appRoleAssignmentRequired Boolean: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
applicationTenantId String: The tenant ID where the associated application is registered.
clientId String: The application ID (client ID) for the associated application
displayName String: The display name of the application associated with this service principal.
objectId String: The object ID of the service principal.
preferredSingleSignOnMode String: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
samlMetadataUrl String: The URL where the service exposes SAML metadata for federation.
servicePrincipalNames List<String>: A list of identifier URI(s), copied over from the associated application.
signInAudience String: The Microsoft account types that are supported for the associated application. Possible values include AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
tags List<String>: A list of tags applied to the service principal.
type String: Identifies whether the service principal represents an application or a managed identity. Possible values include Application or ManagedIdentity.