You should still be able to achieve this scenario in Octopus today, but it does come with a couple of hoops to jump through and is not a currently supported scenario.
I am also working on an assumption that you already have the Azure AD accounts and scripts set up and working for your scenario.
On your Octopus Server you will need to install the Azure PowerShell modules, so that the script step has access to the Azure functions.
You can get around the validation on the Account Edit page by putting a fake GUID in the Subscription field. The PowerShell line `[Guid]::NewGuid().ToString() | clip` will generate a new GUID for you to the clipboard. Fill out the other fields with the correct values for your service principal.
In your project create a new Azure Account variable and select the account created above.
Create a new standard script step; this cannot be the Azure PowerShell step. In the script step add the following code to perform the login:
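```powershell
# $AzureAccountPassword, $AzureAccountClient and $AzureAccountTenantId come from the Azure Account project variable
$securePassword = ConvertTo-SecureString $AzureAccountPassword -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ($AzureAccountClient, $securePassword)
# Log in as the service principal
Login-AzureRmAccount -Credential $creds -TenantId $AzureAccountTenantId -Environment "AzureCloud" -ServicePrincipal
```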
You could also put the above code into a script module as a reusable function.
In each of the variables in the script, the `$AzureAccount` bit is the name of the account project variable. You will also need to set your `-Environment` parameter to the correct Azure Cloud if you are not using the default Azure Global cloud.
I have also raised an issue for this enhancement.
Hopefully, this helps you achieve the Azure AD management functions you are wanting to.