Follow these steps to enable login using a service principal with a client certificate.


For more information see https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal


  • Ensure that you have a client certificate available in the Personal store of the Current User in the certificates management console.



  • Export the certificate to DER encoded binary X.509 (.CER) format.

  • Log on to the Azure Portal with a user account that has sufficient permissions.


  • Go to Azure Active Directory > App Registrations.


  • Click New Registration.


  • Enter an appropriate name - for example "XIA Automation Server".

  • For supported account types select
    Accounts in this organizational directory only

  • Do not specify a Redirect URI.

  • Click Register.


  • Make a note of the following values

    Application (client) ID
    Directory (tenant) ID

  • Go to Certificates & secrets.

  • Click Upload Certificate.

  • Browse to the exported .CER file.

  • Copy the thumbprint value.

  • Go to Azure Active Directory > App Registrations > XIA Automation Server > API Permissions.

  • Click Add a permission.

  • Select Azure Service Management > user_impersonation.

  • Click Add and ensure the permission is listed.

  • Select the user_impersonation permission and click the Grant admin consent button.



  • Go to Azure Active Directory > Roles and Administrators.

  • Assign the XIA Automation Server service principal the permissions required to execute the automation tasks.
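
The certificate steps above can be scripted and checked from PowerShell. This is an added example, not part of the original procedure or the vendor's code. The certificate subject and output path are assumptions, the two IDs are placeholders for the values noted after registration, and the final login check assumes the Az.Accounts module is installed.

```powershell
# Assumptions (not from the page): certificate subject and output path.
$Subject  = 'CN=XIA Automation Server'
$CerPath  = Join-Path $env:TEMP 'xia-automation-server.cer'
# Values noted after registration; replace the placeholders.
$ClientId = '<Application (client) ID>'
$TenantId = '<Directory (tenant) ID>'

# Locate the certificate in Current User > Personal; newest wins if several match.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $Subject } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject '$Subject' in Cert:\CurrentUser\My." }

# Certificate login signs with the private key, so it must be present and in date.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key in this store.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period (expires $($cert.NotAfter))."
}

# Export the public certificate only, DER encoded (-Type CERT); the key stays in the store.
Export-Certificate -Cert $cert -FilePath $CerPath -Type CERT | Out-Null

# A DER file starts with the ASN.1 SEQUENCE tag 0x30; Base64 text starts with '-' or 'M'.
$bytes = [System.IO.File]::ReadAllBytes($CerPath)
if ($bytes[0] -ne 0x30) { throw "$CerPath is not DER encoded." }

# Re-read the exported file and confirm it is the same certificate, without a key.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
if ($exported.Thumbprint -ne $cert.Thumbprint) { throw 'Exported file does not match the store certificate.' }
if ($exported.HasPrivateKey) { throw 'Exported file unexpectedly contains a private key.' }

"Upload:     $CerPath"
"Thumbprint: $($cert.Thumbprint)   (must equal the value shown in Certificates & secrets)"

# Optional end-to-end check once the IDs are filled in and Az.Accounts is installed.
$guid = [guid]::Empty
$idsSet = [guid]::TryParse($ClientId, [ref]$guid) -and [guid]::TryParse($TenantId, [ref]$guid)
if ($idsSet -and (Get-Module -ListAvailable -Name Az.Accounts)) {
    Connect-AzAccount -ServicePrincipal -ApplicationId $ClientId -Tenant $TenantId `
        -CertificateThumbprint $cert.Thumbprint -ErrorAction Stop | Out-Null
    "Login as service principal $ClientId succeeded."
}
```

Run it as the same Windows user whose Personal store holds the certificate, since the private key is only available in that user's profile.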