I suspect that I'm looking at something the wrong way, completely.
I've created a Service Connection in Azure DevOps that allows access to an Azure Machine Learning workspace. And this works fine too.
When the DevOps pipeline agent issues an az account show, (part of) the output is like this:
    "tenantId": "b8c ... 5ba",
    "user": {
      "name": "***",
      "type": "servicePrincipal"
    }
So a Service Principal is present. But I can't find it in Entra ID.
Thanks to Josh I now know that a Service Principal apparently is synonymous with Enterprise Application.
Indeed, in the Enterprise Application list (under Entra ID) I find a likely candidate for my Service Principal (by creation date).
However, I have a hard time verifying exactly that it is actually the precise one being used.
The attributes shown of the Enterprise Application are:
Name
Application ID
Object ID
but in the service connection details I only have:
Subscription
Resource Group
Service Connection name
and in the output above (from the pipeline agent), I only have a tenant ID and the user name is three asterisks: *** (which I also find fishy).
The Service Connection name was created by me and is not the same as the Enterprise Application name, so I can't use that.
So ... how to verify exactly that my candidate is indeed that particular service principal ... ? I would need to know for sure because I want to extend the Service Principal with a particular role ...
PS. Some pointers to (accessible) reading material to get a good grasp on this are welcome, I probably miss reasoning power due to lacking knowledge.
It’ll be in the Entra (formerly AAD) area under enterprise applications. Be sure to clear the filters before searching by name.
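One way to confirm the candidate from inside the pipeline, as an added example that is not part of the original posts: for a service principal login, `az account show` reports the application (client) ID as `user.name`, so the step can compare it with the Application ID shown for the candidate and print only a verdict, which the log's `***` masking cannot hide. It assumes the step runs Azure CLI signed in through the service connection; `verify_candidate`, `CANDIDATE_APP_ID` and `CANDIDATE_TENANT_ID` are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Run it in the pipeline's Azure
# CLI step, where the value the log shows as "***" is available unmasked.

normalize() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]'; }

# verify_candidate APP_ID [TENANT_ID]
# APP_ID is the Application ID on the candidate's row in Enterprise
# applications; TENANT_ID (optional) is the directory it was found in.
# Returns 0 on match, 1 on mismatch, 2 if the session cannot be inspected.
verify_candidate() {
  local kind actual tenant
  kind=$(az account show --query user.type -o tsv) || return 2
  if [ "$(normalize "$kind")" != "serviceprincipal" ]; then
    echo "session identity is '$kind', not a service principal" >&2
    return 2
  fi
  # For a service principal login, user.name is the application (client) ID.
  actual=$(az account show --query user.name -o tsv) || return 2
  tenant=$(az account show --query tenantId -o tsv) || return 2
  if [ -z "$1" ] || [ "$(normalize "$actual")" != "$(normalize "$1")" ]; then
    echo "NO MATCH: the pipeline runs as a different service principal"
    return 1
  fi
  if [ -n "${2:-}" ] && [ "$(normalize "$tenant")" != "$(normalize "$2")" ]; then
    echo "NO MATCH: same application ID, but signed in to another tenant"
    return 1
  fi
  echo "MATCH: the pipeline runs as the candidate enterprise application"
}

# CANDIDATE_APP_ID / CANDIDATE_TENANT_ID are hypothetical variable names.
if [ -n "${CANDIDATE_APP_ID:-}" ]; then
  verify_candidate "$CANDIDATE_APP_ID" "${CANDIDATE_TENANT_ID:-}"
fi
```

The verdict deliberately contains no ID, because the pipeline log would replace it with `***` anyway.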