How to create a Service Principal and Client Secret

Raise a ticket if you need help.


CloudMonitor uses a Service Principal to communicate with the Azure Cost APIs. When you install the CloudMonitor Analytics Engine you can choose an existing Service Principal in your AD Tenancy or create a new one during installation. If you wish to choose an existing one, click on “Select Existing” and find the Service Principal you want to use. This tutorial will focus on creating a new one during installation. 

CloudMonitor Install Screen

 On the “Service Principal for API Access”, select “Create New”  and click on the “Change selection” link.

Create a Service Principal Start

This will open up the “Register an application” screen below. A “Registered Application” is another name for an Azure Service Principal.

Enter “CloudMonitor-SP” for the name and change to the “Single Tenant” option as this is the most secure. Click on “Register” at the bottom of the screen to continue. If you have the right permissions, this will create a Service Principal in your organizations Active Directory. 

Create a Service Principal

You will now be in the overview screen of the newly-created Service Principal:

Service Principal - Client Secret

Create a Client Secret

The next step is to create a Client Secret so that CloudMonitor can authenticate with this Service Principal to communicate with the Azure Cost APIs.

Click on “+ New client secret” (the link in the red box in the screenshot above” and enter the Description “CloudMonitor-ClientSecret”.

Set “Expires” to 24 months (this is duration is up to you; when it expires, any application using it will stop working until the secret is updated).

Click on “Add” to create the secret for your Service Principal.

Client Secret Creation

Copy the new Client Secret

The new Client Secret will appear in the list and you can click on the Value “Copy to Clipboard” icon. Important: This Secret Value is never shown again so make sure you copy it to the clipboard. Do not share this with anyone other than CloudMonitor – treat it as you would a password.

Click on the “X” in the top right of this screen to close this Service Principal view and return to the CloudMonitor install wizard.

Copy Client Secret

Paste Client Secret into Textbox

Once you return back to installation wizard, paste the Client Secret from the previous step into the “Client Secret” textbox. You can now proceed with the rest of setup.

ClientSecret Wizard

Share on linkedin
Share on twitter
Share on email
Share on print

Subscribed! We'll let you know when we have new blogs and events...