Entra · Azure · Workload Identity Ownership Evidence
OwnerLens is an open-source tool for collecting ownership evidence around Entra Service Principals, Managed Identities and Azure Resource Groups, then turning that evidence into owner candidates with source, logic and confidence.
ownerlens collect tenant evidence
✓ service principals
✓ managed identities
✓ resource groups
✓ tags / RBAC context / app owners
✓ exportable owner evidence
ownerCandidate: platform-identity-team
confidence: medium
source: azure-rbac-context + app metadata
Problem
Most Entra workload identity findings are technically easy to detect and politically harder to assign. OwnerLens does not replace IGA, CMDB or PAM. It gives reviewers a practical evidence trail so the right team can be found faster.
Collect app metadata, owners, tags, permissions and evidence that can point to accountable teams.
Use Azure resource context to infer the owning workload, resource group and operating team.
Turn tags, RBAC and subscription context into routing evidence for ownership review.
Model
The point is not to guess an owner with fake certainty. The point is to show what evidence exists, where it came from, and how strong it is.
Evidence
That matters. A tag, an app owner, an RBAC assignment and a CMDB mapping are not the same thing. OwnerLens should preserve that distinction instead of flattening it into a weak “owner” field.
| Signal | Example | Use | Confidence |
|---|---|---|---|
| Azure tags | ownerGroup, owner, costCenter | Fast routing signal when naming discipline exists. | High / Medium |
| Entra app owners | Application or service principal owners | Useful evidence, but named users drift. | Medium |
| Azure RBAC context | Subscription/RG assignments | Find operators or platform teams. | Low / Routing |
| Managed Identity home resource | Linked Azure resource | Often the strongest MI ownership clue. | Medium |
| External enrichment | CMDB, platform team maps | Add organization-specific ownership evidence. | Custom |
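
The evidence model described above, as an added Python sketch (not OwnerLens code): each signal keeps its source, logic and confidence, and owner candidates are ranked without merging the signals into one field. The signal names, the default levels and the ranking rule are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Defaults follow the table above; where it gives a range the lower value is
# used (an assumption of this sketch). "Custom" sources must set their own.
DEFAULT_CONFIDENCE = {"azure-tag": "medium", "entra-app-owner": "medium",
                      "azure-rbac-context": "low", "mi-home-resource": "medium"}
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Evidence:
    source: str           # which signal produced this evidence
    candidate: str        # team or person the signal points to
    logic: str            # why the signal points there
    confidence: str = ""  # explicit level; empty means "use the default"

    def level(self) -> str:
        # Raises KeyError for an unknown source that sets no level of its own
        return self.confidence or DEFAULT_CONFIDENCE[self.source]


def owner_candidates(signals):
    """Group evidence per candidate and rank, keeping every raw signal."""
    grouped = defaultdict(list)
    for ev in signals:
        grouped[ev.candidate].append(ev)
    results = []
    for candidate, evidence in grouped.items():
        # Assumed rule: a candidate is as strong as its strongest signal
        best = max(evidence, key=lambda e: RANK[e.level()])
        results.append({
            "ownerCandidate": candidate,
            "confidence": best.level(),
            "source": " + ".join(sorted({e.source for e in evidence})),
            "evidence": evidence,  # raw signals preserved for the reviewer
        })
    # Strongest first; ties broken by how many signals agree
    results.sort(key=lambda r: (RANK[r["confidence"]], len(r["evidence"])),
                 reverse=True)
    return results


# Constructed sample signals for one service principal (not real tenant data)
SAMPLE = [
    Evidence("azure-rbac-context", "platform-identity-team", "RG role assignment"),
    Evidence("entra-app-owner", "platform-identity-team", "app owner is on this team"),
    Evidence("entra-app-owner", "alice@example.com", "named user listed as app owner"),
    Evidence("azure-tag", "payments-team", "ownerGroup tag on resource group", "high"),
]
```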
Screens
OwnerLens keeps the review close to the data: owner candidates, source signals, confidence and export-ready evidence are visible in the same workflow.
List view with owner candidates, permissions and source columns.
Home resource, resource group and Azure context used for routing.
Raw signals preserved with source, logic and confidence.
Evidence ready for GRC, IAM review or remediation workflow.