Creating a Service Principal in Azure requires a Client Secret. The Secret serves as the password for the principal. For example, you will need a Client Secret in order to generate a JSON Web Token.

A Client Secret is associated with an Application Registration. To get started, you will need to register your application in Active Directory, as described in this article.

Log into the Azure Portal and search for Azure Active Directory, shown in Fig. 1.

Search Azure for Active Directory
Fig. 1

Select "Azure Active Directory" to navigate to the Azure Active Directory "Overview" blade, as shown in Fig. 2.

Azure Active Directory Overview Blade
Fig. 2

Click the [App registrations] button (Fig. 3) to open the "App Registrations" blade, as shown in Fig. 4.

App Registrations Button
Fig. 3

App Registrations Blade
Fig. 4

Select your App registration to open its details page, as shown in Fig. 5.

Registration Details Page
Fig. 5

Click the [Certificates & secrets] button (Fig. 6) to display the "Certificates & secrets" blade, as shown in Fig. 7.

Certificates And Secrets Button
Fig. 6

Certificates And Secrets Blade
Fig. 7

Select the "Client secrets" tab, if it is not yet selected.

Click the [New client secret] button (Fig. 8) to display the "Add client secret" dialogue, as shown in Fig. 9.

New Client Secret Button
Fig. 8

Add Client Secret Dialogue
Fig. 9

Provide a brief description of the secret. This will show up in lists, making it easier to identify later.

Select a time at which the secret will expire and need to be regenerated.

Click the [Add] button to generate the Client Secret and return to the "Certificates & secrets" blade. You should see your newly-generated secret listed on this blade. Copy and save the "Value". You will need it later.


After you navigate away from this page, there is no way to retrieve the Secret Value. If you do not copy and save it now, you will need to regenerate a Secret. 

Keep this secret in a safe place: in Azure Key Vault or in a secure folder. If it is compromised, a hacker can access your API with this service identity.

This article showed how to generate a Client Secret. This Client Secret serves as a password for a principal account. You can use it when generating a JSON Web Token.
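The following sketch shows how the saved secret "Value" is exchanged for a JSON Web Token using the OAuth 2.0 client credentials grant against the Microsoft identity platform v2.0 token endpoint. It is an added example, not code from the original article. The tenant and application IDs are constructed placeholders, the `api://.../.default` scope and the `AZURE_CLIENT_SECRET` environment variable are assumptions, and the helper names are hypothetical.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Microsoft identity platform v2.0 token endpoint (client credentials flow).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant_id, client_id, client_secret, scope):
    """Build (but do not send) the POST that exchanges the secret for a JWT."""
    if not client_secret:
        raise ValueError("client secret is empty; load it from a vault or env")
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,  # POST body only, never the URL
            "scope": scope}
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe="")),
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST")


def redacted_body(request):
    """Form body that is safe to log: the client_secret value is masked."""
    fields = urllib.parse.parse_qsl(request.data.decode("ascii"))
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k == "client_secret" else v) for k, v in fields])


def jwt_claims(access_token):
    """Decode the JWT payload for inspection; does NOT verify the signature."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


if __name__ == "__main__":
    # Constructed placeholder IDs; the secret comes from the environment
    # (assumed variable name), with a constructed fallback for a dry run.
    req = build_token_request(
        "00000000-0000-0000-0000-000000000000",
        "11111111-1111-1111-1111-111111111111",
        os.environ.get("AZURE_CLIENT_SECRET", "constructed-sample-secret"),
        "api://11111111-1111-1111-1111-111111111111/.default")
    print(req.full_url, redacted_body(req), sep="\n")
    # To send: urllib.request.urlopen(req); the JSON reply holds "access_token".
```

The `exp` claim returned by `jwt_claims` is the token's lifetime, which is separate from the expiry you selected for the Client Secret itself.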