At the master DB level:

create login [<<service principal name>>] from external provider
create user [<<service principal name>>] from login [<<service principal name>>]

At the individual DB level:

create user [<<service principal name>>] from login [<<service principal name>>]
alter role db_owner add member [<<service principal name>>] -- OR whatever role you would like to assign
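
To confirm what the statements above actually granted, the following check can be run in the individual DB. It is an added example, not part of the original text; it assumes the same placeholder name and uses only the standard catalog views sys.database_principals and sys.database_role_members.

```sql
-- Added example: verify the user created above and review its role membership.
-- Replace the placeholder with the name used in the CREATE USER statement.
DECLARE @principal sysname = N'<<service principal name>>';

-- 1) Does the user exist, what kind of principal is it, and which roles does it hold?
--    type 'E' / 'X' are the external-provider principal types in this view.
--    A NULL role_name means the user exists but is in no database role.
SELECT
    dp.name                     AS principal_name,
    dp.type                     AS principal_type,
    dp.type_desc                AS principal_type_desc,
    dp.authentication_type_desc AS authentication_type,
    dp.create_date,
    r.name                      AS role_name
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.name = @principal;

-- 2) Who else is in db_owner? This role grants full control of the database,
--    so the list should be short and every member should be expected.
SELECT
    m.name        AS member_name,
    m.type_desc   AS member_type_desc,
    m.create_date AS member_created
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;
```

If the first query returns no rows, the create user statement was not run in this database; if the second lists the service principal and a narrower role would do, swap db_owner for that role in the alter role statement.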