0

Recently observed that one can create multiple service principals with the same name in Azure AD:

Note: They have different clientIds but the same name. This in turn creates issues while creating users within Azure SQL. So is there any reason why same-name App IDs are allowed in AAD?

Also, the same client ID has a different objectId when looked up via Enterprise applications and when seen via App registrations.

Is it because Enterprise applications is a union of all managed identities, service principals, etc., that the objectId creation for Enterprise applications is different compared to App registrations?

Nandan
  • 3,939
  • 2
  • 8
  • 21

1 Answer

0

So any reason why same name App Ids are allowed in AAD?

Service principals and users in Azure SQL are totally different things. I don't think one is referential to the other. They designed it like this.

Generally speaking, when the value of a field is not allowed to repeat, it means that it is unique. I'm not familiar with Azure SQL, but it should follow this principle.

Why does Azure allow the same service principal name? It's by design. In common scenarios, we mainly identify uniqueness based on the object id, which is a globally unique identifier. Please do not use the name as the only condition for finding the service principal.

From a design point of view, we really should not create two service principals with the same name. It's a pity that Azure does not restrict this.

Also, the same client ID has a different objectId when looked up via Enterprise applications and when seen via App registrations.

An enterprise app and the associated app registration are two different objects, so they have different object ids.

The application id is actually the unique identifier for the app registration. It is just also shown in the enterprise app.

You can see the Service Principal properties:

appId (String): The unique identifier for the associated application (its appId property).

And the Application properties:

appId (String): The unique identifier for the application that is assigned to an application by Azure AD. Not nullable. Read-only.

Allen Wu
  • 15,529
  • 1
  • 9
  • 20
  • Hey @AllenWu, thank you for the reply. Also a query: is it possible to update the AppName once it is registered? – Nandan Feb 16 '21 at 03:29
  • @Nandan Yes. You can update the app name using Microsoft Graph: https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http#example. Use [Microsoft Graph explorer](https://developer.microsoft.com/en-us/graph/graph-explorer) to have a quick test. You can also edit the manifest file of the app registration to modify the name directly. – Allen Wu Feb 16 '21 at 04:15
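The lookups the answer recommends (by objectId or appId, never by displayName alone) and the duplicate-name check the question's Azure SQL problem calls for, as an added example that is not part of the question, the answer or any Microsoft code. It runs offline on constructed JSON shaped like the Microsoft Graph responses from GET /servicePrincipals and GET /applications; every GUID and display name is invented, and the helper names find_duplicate_names, resolve_by_name and object_ids_for_app are hypothetical.

```python
"""Resolve Azure AD service principals by appId / objectId instead of displayName.

Added example (not from the original question or answer). Runs offline on
constructed JSON mimicking Microsoft Graph GET /servicePrincipals and
GET /applications responses; all GUIDs and names are made up.
"""
import json
from collections import defaultdict

# Constructed sample: two app registrations share a displayName but have
# different appIds; each appId also shows up with a different "id" (objectId)
# in the service principal collection, as the answer describes.
SAMPLE_APPLICATIONS = json.loads("""
{"value": [
  {"id": "11111111-aaaa-4aaa-8aaa-000000000001", "appId": "aaaaaaaa-0000-4000-8000-000000000001", "displayName": "sql-reader-app"},
  {"id": "11111111-aaaa-4aaa-8aaa-000000000002", "appId": "aaaaaaaa-0000-4000-8000-000000000002", "displayName": "sql-reader-app"},
  {"id": "11111111-aaaa-4aaa-8aaa-000000000003", "appId": "aaaaaaaa-0000-4000-8000-000000000003", "displayName": "billing-api"}
]}
""")

SAMPLE_SERVICE_PRINCIPALS = json.loads("""
{"value": [
  {"id": "22222222-bbbb-4bbb-8bbb-000000000001", "appId": "aaaaaaaa-0000-4000-8000-000000000001", "displayName": "sql-reader-app", "servicePrincipalType": "Application"},
  {"id": "22222222-bbbb-4bbb-8bbb-000000000002", "appId": "aaaaaaaa-0000-4000-8000-000000000002", "displayName": "sql-reader-app", "servicePrincipalType": "Application"},
  {"id": "22222222-bbbb-4bbb-8bbb-000000000003", "appId": "aaaaaaaa-0000-4000-8000-000000000003", "displayName": "billing-api", "servicePrincipalType": "Application"},
  {"id": "22222222-bbbb-4bbb-8bbb-000000000004", "appId": "cccccccc-0000-4000-8000-000000000004", "displayName": "vm-identity", "servicePrincipalType": "ManagedIdentity"}
]}
""")


class AmbiguousNameError(LookupError):
    """Raised when a displayName matches more than one service principal."""


def find_duplicate_names(service_principals):
    """Return {displayName: [appId, ...]} for every name used by more than one SP.

    This is the check to run before relying on names anywhere, e.g. when creating
    Azure SQL users from an external provider by display name.
    """
    by_name = defaultdict(list)
    for sp in service_principals["value"]:
        by_name[sp["displayName"]].append(sp["appId"])
    return {name: ids for name, ids in by_name.items() if len(ids) > 1}


def resolve_by_name(service_principals, display_name):
    """Look up a service principal by displayName; refuse to guess on a collision."""
    matches = [sp for sp in service_principals["value"] if sp["displayName"] == display_name]
    if not matches:
        raise LookupError(f"no service principal named {display_name!r}")
    if len(matches) > 1:
        raise AmbiguousNameError(
            f"{display_name!r} matches {len(matches)} service principals; "
            f"select by appId instead: {[m['appId'] for m in matches]}")
    return matches[0]


def object_ids_for_app(applications, service_principals, app_id):
    """Map one appId to its two object ids: app registration and enterprise app.

    The appId is identical in both collections; the 'id' (objectId) differs
    because they are two distinct directory objects. A managed identity has a
    service principal but no app registration, so that side comes back None.
    """
    app = next((a for a in applications["value"] if a["appId"] == app_id), None)
    sp = next((s for s in service_principals["value"] if s["appId"] == app_id), None)
    return {
        "appId": app_id,
        "applicationObjectId": app["id"] if app else None,
        "servicePrincipalObjectId": sp["id"] if sp else None,
    }


if __name__ == "__main__":
    print("duplicate names:", find_duplicate_names(SAMPLE_SERVICE_PRINCIPALS))
    print(object_ids_for_app(SAMPLE_APPLICATIONS, SAMPLE_SERVICE_PRINCIPALS,
                             "aaaaaaaa-0000-4000-8000-000000000001"))
    try:
        resolve_by_name(SAMPLE_SERVICE_PRINCIPALS, "sql-reader-app")
    except AmbiguousNameError as exc:
        print("refused:", exc)
```

Against a real tenant the same functions would be fed the value arrays returned by Microsoft Graph (following @odata.nextLink pages); the point is that any automation that keys on displayName should fail closed on a collision, while appId and objectId lookups stay unambiguous.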