How to Create a Service Principal and Client Secret

Modified on Mon, 18 Jul, 2022 at 12:07 PM

CloudMonitor uses a Service Principal to communicate with the Azure Cost APIs. When you install the CloudMonitor Analytics Engine you can choose an existing Service Principal in your Azure AD Tenancy or create a new one during installation.

If you wish to choose an existing one, click on Select Existing and find the Service Principal you want to use.

Note: This tutorial will focus on creating a new Service Principal during installation.


Instructions in Creating a Service Principal and Client Secret

Step 1: Create a new Service Principal


On the Service Principal for API Access, select Create New. Then click on the Change selection link. This will open up a new screen to Register an application. 



Step 2: Register an Application


Enter “CloudMonitor-SP” for the name and select the Single Tenant option as this is the most secure.


A “Registered Application” is another name for an Azure Service Principal. 



Step 3: Click on Register


Click on Register at the bottom of the screen to continue. If you have the right permissions, this will create a Service Principal in your organization's Active Directory. 

Step 4: Create a Client Secret


The next step is to create a Client Secret so that CloudMonitor can authenticate with this Service Principal to communicate with the Azure Cost APIs. 


To do this, select Certificates & Secrets then choose +New client secret. 



Then enter the following data on the text fields: 



  • Description: CloudMonitor-ClientSecret
  • Expires: 24 months


Note: The expiration duration is up to you; when it expires, any application using it will stop working until the secret is updated). 

When done, click on Add.

Step 5: Copy the Client Secret Value


The new Client Secret Value and ID will appear in the list. Copy the Client Secret Value by clicking on the copy to clipboard icon. 



Important: This Client Secret Value is never shown again so make sure you copy it to the clipboard. Do not share this with anyone other than CloudMonitor – treat it as you would a password.

Click on the “X” in the top right of this screen to close this Service Principal view and return to the CloudMonitor install wizard. 

Step 6: Paste Client Secret into Textbox


Once you return back to the installation wizard, paste the Client Secret from the previous step into the “Client Secret” textbox. You can now proceed with the rest of the setup. 



Related articles


Configuring the Service Principal for Admin App Access
Configuring the Service Principal for the Teams Bot

How to recreate Client Secret?

Step 3: Configure your Service Principal to Monitor Subscriptions







Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article