Azure Access Control requires the use of Azure AD Object IDs (also known as Principal IDs) in order to assign roles to a specific identity. This walkthrough shows you how to retrieve these from the Azure Portal. If you'd like to use the Azure CLI, you can follow these instructions instead.

Find a User Object ID

  1. Sign in to the Azure portal.

  2. Select Azure Active Directory from the menu.

  3. Locate the Manage section on the menu and then select Users.

    Screenshot that shows the Azure Active Directory menu with the Users option highlighted.

  4. On the Users page, enter the user's name in the Search box.

    Screenshot that shows the Users page with a search box to search for a user.

  5. Select the user's name where it appears on the list.

    Screenshot showing the User page displaying a row for the searched user.

  6. Locate the Basic info section on the user's Profile page. The Object ID that is displayed is the user's unique object ID.

    Screenshot that shows the User Profile page with Identity section and the Object ID highlighted.


Find a Group Object ID

Follow the same steps used above to find a user Object ID, but start by selecting Groups instead of Users.

Find a Service Principal ID

  1. Sign in to the Azure portal.

  2. Select Azure Active Directory from the menu.

  3. Select App registrations.

  4. Select your application and copy the Object ID.

Find a Managed Identity Object ID

  1. Sign in to the Azure portal.

  2. In the search box, enter Managed Identities. Under Services, select Managed Identities.

  3. A list of the user-assigned managed identities for your subscription is returned. To see the details of a user-assigned managed identity, select its name.

  4. Select the Object ID.
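The four lookups above can also be done with the Azure CLI mentioned in the introduction; the following is an added example, not part of the original page, that resolves an Object ID for each identity type and passes it to a role assignment. The function names are hypothetical, and it assumes `az login` has already been run and a CLI version whose `az ad` commands return the Microsoft Graph property `id`.

```bash
#!/usr/bin/env bash
# Added example (not from the original page); function names are hypothetical.

# Succeeds only if $1 has the GUID shape of an Object ID.
is_object_id() {
  printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# resolve_object_id KIND NAME [RESOURCE_GROUP]
#   user  NAME = user principal name        group NAME = group display name
#   sp    NAME = application (client) ID    mi    NAME = identity name (+ RESOURCE_GROUP)
resolve_object_id() {
  local kind="$1" name="$2" rg="${3:-}" id
  case $kind in
    user)  id=$(az ad user show --id "$name" --query id -o tsv) ;;
    group) id=$(az ad group show --group "$name" --query id -o tsv) ;;
    # Reads the service principal object, the identity a role assignment targets.
    sp)    id=$(az ad sp show --id "$name" --query id -o tsv) ;;
    mi)    id=$(az identity show --name "$name" --resource-group "$rg" \
                  --query principalId -o tsv) ;;
    *)     echo "unknown identity kind: $kind" >&2; return 2 ;;
  esac || return 1
  # Refuse empty or non-GUID output so a failed lookup never reaches a role assignment.
  is_object_id "$id" || { echo "no Object ID returned for $kind $name" >&2; return 1; }
  printf '%s\n' "$id"
}

# Map the identity kind to the value --assignee-principal-type expects.
principal_type() {
  case $1 in
    user)  echo User ;;
    group) echo Group ;;
    sp|mi) echo ServicePrincipal ;;   # managed identities are service principals
    *)     return 2 ;;
  esac
}

# assign_role KIND NAME ROLE SCOPE [RESOURCE_GROUP]
assign_role() {
  local id type
  id=$(resolve_object_id "$1" "$2" "${5:-}") || return 1
  type=$(principal_type "$1") || return 1
  az role assignment create --assignee-object-id "$id" \
    --assignee-principal-type "$type" --role "$3" --scope "$4"
}
```

Source the file and call, for example, `resolve_object_id user <user principal name>`; the lookup fails closed if the CLI returns anything other than a single GUID.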

