To access resources that are secured by an Microsoft Entra ID tenant, the entity that requires access must be represented by a security principal. This requirement is true for both users (user principal) and applications (service principal). The security principal defines the access policy and permissions for the user/application in the Microsoft Entra ID tenant.
There is an information I found on the HomePage and not on this one :
“If you want to enable additional cloud governance features (for example, […] managing the life cycle of Service Principals as “accounts”) for your Azure Cloud Objects, you must have a CIEM license”
Do we need extra licenses ?
Important
If you want to enable additional cloud governance features for your Entra Cloud Objects (for example, visualization of effective access, Azure Cloud Object Management , such as, Management Groups, Subscriptions, Resource Groups and Role Assignment or Service Principal Accounts Management), you must have SailPoint CIEM license. Contact your SailPoint Customer Success Manager to request access and for more information.
So, I am not sure what is causing confusion in this case. It requires additional license as there are cloud resources associated with it. Thanks!