Share via


Service Principals - Get

Get a service principal by its descriptor.

GET https://vssps.dev.azure.com/{organization}/_apis/graph/serviceprincipals/{servicePrincipalDescriptor}?api-version=7.1-preview.1

URI Parameters

Name In Required Type Description
organization
path True

string

The name of the Azure DevOps organization.

servicePrincipalDescriptor
path True

string

The descriptor of the desired service principal.

api-version
query True

string

Version of the API to use. This should be set to '7.1-preview.1' to use this version of the api.

Responses

Name Type Description
200 OK

GraphServicePrincipal

successful operation

Security

oauth2

Type: oauth2
Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

Scopes

Name Description
vso.graph Grants the ability to read user, group, scope and group membership information

Examples

Sample request

GET https://vssps.dev.azure.com/{organization}/_apis/graph/serviceprincipals/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz?api-version=7.1-preview.1

Sample response

{
  "subjectKind": "servicePrincipal",
  "applicationId": "4096aded-4444-4444-9ad0-b25b6b2a2bbe",
  "directoryAlias": "f632cdfd-4444-4444-99ce-6fe0fd007d9d",
  "domain": "62e2ee3f-4444-4444-9b85-4a3776783e13",
  "principalName": "f632cdfd-4444-4444-99ce-6fe0fd007d9d",
  "mailAddress": null,
  "origin": "aad",
  "originId": "f632cdfd-4444-4444-99ce-6fe0fd007d9d",
  "displayName": "ServicePrincipalDisplayName",
  "_links": {
    "self": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/ServicePrincipals/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz"
    },
    "memberships": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/Memberships/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz"
    },
    "membershipState": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/MembershipStates/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz"
    },
    "storageKey": {
      "href": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/StorageKeys/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz"
    },
    "avatar": {
      "href": "https://dev.azure.com/Fabrikam/_apis/GraphProfile/MemberAvatars/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz"
    }
  },
  "url": "https://vssps.dev.azure.com/Fabrikam/_apis/Graph/ServicePrincipals/aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz",
  "descriptor": "aadsp.OTE2ZTY1NmItYTBiNS03ZjNmLTg0YWEtNGViMTVhZjc4ZTYz"
}

Definitions

Name Description
GraphServicePrincipal
ReferenceLinks

The class to represent a collection of REST reference links.

GraphServicePrincipal

Name Type Description
_links

ReferenceLinks

This field contains zero or more interesting links about the graph subject. These links may be invoked to obtain additional relationships or more detailed information about this graph subject.

applicationId

string

descriptor

string

The descriptor is the primary way to reference the graph subject while the system is running. This field will uniquely identify the same graph subject across both Accounts and Organizations.

directoryAlias

string

The short, generally unique name for the user in the backing directory. For AAD users, this corresponds to the mail nickname, which is often but not necessarily similar to the part of the user's mail address before the @ sign. For GitHub users, this corresponds to the GitHub user handle.

displayName

string

This is the non-unique display name of the graph subject. To change this field, you must alter its value in the source provider.

domain

string

This represents the name of the container of origin for a graph member. (For MSA this is "Windows Live ID", for AD the name of the domain, for AAD the tenantID of the directory, for VSTS groups the ScopeId, etc)

isDeletedInOrigin

boolean

When true, the group has been deleted in the identity provider

legacyDescriptor

string

[Internal Use Only] The legacy descriptor is here in case you need to access old version IMS using identity descriptor.

mailAddress

string

The email address of record for a given graph member. This may be different than the principal name.

metaType

string

The meta type of the user in the origin, such as "member", "guest", etc. See UserMetaType for the set of possible values.

origin

string

The type of source provider for the origin identifier (ex:AD, AAD, MSA)

originId

string

The unique identifier from the system of origin. Typically a sid, object id or Guid. Linking and unlinking operations can cause this value to change for a user because the user is not backed by a different provider and has a different unique id in the new provider.

principalName

string

This is the PrincipalName of this graph member from the source provider. The source provider may change this field over time and it is not guaranteed to be immutable for the life of the graph member by VSTS.

subjectKind

string

This field identifies the type of the graph subject (ex: Group, Scope, User).

url

string

This url is the full route to the source resource of this graph subject.

The class to represent a collection of REST reference links.

Name Type Description
links

object

The readonly view of the links. Because Reference links are readonly, we only want to expose them as read only.