azure-service-fabric

Assign service principal Admin Role on Service Fabric AD App


I am setting up Azure AD applications for my Service Fabric cluster, so I do not need to rely on Cert Auth to connect to the cluster.

We use a Service Principal from an App Registration that has Contributor access to the subscription to run the ARM template to set up the cluster. Is there a way that I can make the Service Principal an Admin on the Cluster AD Application as well?

Our deployment script is in PowerShell and I saw this post: "Deploying ServiceFabric apps using AzureAD Authentication" on how to automate connecting, but I need a way to connect with a Service Principal.


Solution

  • I figured out how to get it to work.

    The first part is to give the service principal the role on the Client App.

    1. Go to Azure Portal -> Azure Active Directory -> App Registrations and select the Client app created.
    2. Go to the Manifest page and find the Admin app role and add an entry for "Application" to the allowedMemberTypes property. Save when updated.
    3. Go to App Registrations and select the app you are using to run automation with.
    4. Go to API Permissions, click the Add permission button. Go to the APIs my organization uses tab and search for the SF Cluster Client Application.
    5. Select Application Permissions and choose the Admin permission.
    6. Hit "Grant admin consent for <Tenant Name>".

    Once permission is granted, you can run the PowerShell script:

    # Requires the ADAL assembly next to the script; $tenantId, $AzureLogin (the
    # automation app's client id), $AzurePassword (its client secret), $clientAppId
    # (the SF cluster client app being requested as the resource), $endpoint and
    # $thumbprint must be set before running.
    Add-Type -Path "./Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $authority = "https://login.microsoftonline.com/$($tenantId)"
    $credentials = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($AzureLogin, $AzurePassword)
    $authContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authority)
    
    # AcquireTokenAsync returns a Task; .Result blocks until the token is issued
    $authResult = $authContext.AcquireTokenAsync($clientAppId, $credentials)
    $Token = $authResult.Result.AccessToken
    Connect-ServiceFabricCluster -AzureActiveDirectory -SecurityToken $Token `
            -ConnectionEndpoint $endpoint -ServerCertThumbprint $thumbprint
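As an added example (not part of the answer above, and not Microsoft's code), the same client-credentials flow done over the plain OAuth2 token endpoint instead of the ADAL assembly, with a check that the issued token actually carries the Admin app role in its "roles" claim before it is handed to Connect-ServiceFabricCluster. Every identifier, the endpoint and the thumbprint are placeholders you must replace; the secret is assumed to be supplied through an environment variable.

```powershell
# Constructed example: token via OAuth2 client credentials, then verify the
# "roles" claim contains "Admin" (the app role granted in steps 1-6 above).
$tenantId     = "<tenant-id>"
$spAppId      = "<automation-app-id>"          # service principal running the deployment
$spSecret     = $env:AUTOMATION_APP_SECRET     # assumed env var holding its client secret
$clusterAppId = "<cluster-client-app-id>"      # resource: the SF cluster client app
$endpoint     = "<cluster>.<region>.cloudapp.azure.com:19000"
$thumbprint   = "<server-cert-thumbprint>"

function Get-SfAccessToken {
    param($TenantId, $ClientId, $ClientSecret, $Resource)
    $body = @{
        grant_type    = "client_credentials"
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = $Resource
    }
    $resp = Invoke-RestMethod -Method Post -ContentType "application/x-www-form-urlencoded" `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" -Body $body
    return $resp.access_token
}

function Get-JwtPayload {
    # Decode the middle (payload) segment of the JWT; base64url needs padding restored.
    param([string]$Jwt)
    $b64 = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

$token   = Get-SfAccessToken -TenantId $tenantId -ClientId $spAppId -ClientSecret $spSecret -Resource $clusterAppId
$payload = Get-JwtPayload -Jwt $token

# App roles granted as "Application permissions" surface in the "roles" claim.
# If Admin is missing, the cluster will treat this identity as read-only at best.
if (-not ($payload.roles -contains 'Admin')) {
    throw "Token for appid $($payload.appid) has roles [$($payload.roles -join ',')]; 'Admin' missing - check API permissions and admin consent."
}
Write-Host "Audience $($payload.aud), roles [$($payload.roles -join ',')], expires $([DateTimeOffset]::FromUnixTimeSeconds($payload.exp))"

Connect-ServiceFabricCluster -AzureActiveDirectory -SecurityToken $token `
    -ConnectionEndpoint $endpoint -ServerCertThumbprint $thumbprint
```

The decode is for a local sanity check only; the cluster still validates the token's signature and audience itself, so the script never needs to verify the signature.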