# Service Principals Often when a third party app offers single sign-on or other interactions with your Entra ID they offer a solution to create a service principal. To get the integration running you will provide the system or vendor with your tenant id, application id and a corresponding secret. The application then need access to Entra ID for the integration to work as expected and the application is given permissions in your environment. Sign-in from this application is not governed by identity protection, such as conditional access policies, meaning that the application id + secret would work from everywhere at any time. The Service Principal report show the different service principals in your environment, permissions given and where they sign in from. Often third party vendors ask for too much permissions and you should review the report to make sure that permissions and sign-ins are as expected. We've classified permissions in critical, high, medium and low but a read role that is classified as low could be potentially business critical if exposed. Eg. if a service principal has been given mail.read permissions and the secret is compromised someone out there could read all your company e-mails. {% hint style="info" %} Use the map and click on the dots to see what data you export to which country and too whom. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bsure.io/user-guides/security/service-principals.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.