
Unable to Authorize AzureDevOps application to Azure Data Factory


I am trying to 'Authorize' Azure DevOps to access Azure Data Factory.

We have created a Service Principal for ADO, but when I try to Authorize it when adding an Azure PowerShell task I get the following error message:

Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.


I don't have the permissions to create any new App registrations. Is there a way around this issue?

I am at the stage of New Azure service connection, and I'm now at the point of Authentication. Can you let me know how to obtain the Service Principal Id and Service Principal key?


I'm not able to create a secret, see below. But I thought I wouldn't need to as there is already a Service Principal created, or am I wrong?


There is one other confusing thing where I'm getting the error, and that is because my service connection is included in the Service Connections tab, see below. So, I thought I would be able to connect?

The Visual Studio Subscription ending in 203 is my subscription.

When I follow the instructions:

Step1: Contact your Project Admin and navigate to Project Settings -> Service connections -> Select the Service Connection name: Visual Studio Enterprise Subscription:

I am presented with the following screen


OK, I found the option to Add User, see below.

When I search for my Visual Studio Enterprise it doesn't appear, see image. Does it mean it hasn't appeared?


Even though it would appear I have permissions, when I try to authorize I still get the following error:

The Service connection highlighted in Yellow is my Service connection, and you can see the project Data Engineering.

When I attempt update 4 I get the following:



Solution

  • Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.

    The error means that the service connection name already exists in Azure DevOps.

    Here are two methods to solve the issue:

    Method1: You can contact the Administrator of the project to grant the User/Administrator role of the Service Connection. Then you can directly use the existing Service Connection.

    For more detailed info, you can refer to this doc: Service connections

    Method2: You can create a new ARM service connection. Then you can use it in the Azure PowerShell task.

    From your description, you already have a service principal for Azure DevOps.

    Here are the steps:

    Step1: Navigate to Project Settings -> Service Connections and find the Azure Resource Manager Service Connection.


    Step2: Select the Service principal (manual) and input all required information.


    For more detailed info, you can refer to this doc: Create Azure RM service principal (manual)

    Update5:

    I can reproduce the same issue now.

    The cause of the issue is that the Service Connection is invalid.

    When you open the service connection, it will show the following error:

    Failed to create an app in Microsoft Entra. Error: Insufficient privileges to complete the operation in Microsoft Graph Ensure that the user has permissions to create a Microsoft Entra Application.
    


    In this case, the existing service connection cannot be recognized by the Azure PowerShell task. When you create the service connection, it will show that the service connection already exists.

    To solve the issue, you need to use the existing Service Principal to create a valid manual ARM Service connection.

    Here are the steps:

    You can navigate to the page: AAD -> APP Registrations -> Select the target Service Principal.


    The Application (client) ID is the Service Principal Id.

    The Directory (tenant) ID is the Tenant ID.

    Then you can navigate to the Certificates & secrets tab to create the Secret key. It can be used as the Service Principal Key.

    Then you can use the new service connection in the Azure PowerShell task.
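
A command-line equivalent of the "Service principal (manual)" steps in the answer above, as an added example that is not part of the original answer. It assumes the Azure CLI with the azure-devops extension is installed and signed in to the organization; the function names and every sample value in the usage comment are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: create a manual ARM service connection from an existing
# service principal with `az devops service-endpoint azurerm create`.

# Return 0 if $1 has the GUID shape used by the Application (client) ID,
# Directory (tenant) ID and subscription ID.
is_guid() {
    printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
}

# Usage: create_manual_arm_connection NAME SP_ID TENANT_ID SUB_ID SUB_NAME ORG_URL PROJECT
# NAME must differ from the existing connection, because the error on this page
# is raised when a connection with that name already exists.
create_manual_arm_connection() {
    name=$1 sp_id=$2 tenant_id=$3 sub_id=$4 sub_name=$5 org=$6 project=$7

    # Reject masked or mistyped IDs before anything is sent to Azure DevOps.
    for id in "$sp_id" "$tenant_id" "$sub_id"; do
        is_guid "$id" || { echo "not a GUID: $id" >&2; return 2; }
    done

    # The CLI reads the service principal key from this environment variable,
    # so the secret is not passed as a command-line argument.
    if [ -z "${AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY:-}" ]; then
        echo "AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY is not set" >&2
        return 3
    fi

    az devops service-endpoint azurerm create \
        --name "$name" \
        --azure-rm-service-principal-id "$sp_id" \
        --azure-rm-tenant-id "$tenant_id" \
        --azure-rm-subscription-id "$sub_id" \
        --azure-rm-subscription-name "$sub_name" \
        --org "$org" --project "$project"
}

# Example call (constructed placeholder values, not taken from the page):
#   export AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY   # set from your secret store
#   create_manual_arm_connection "adf-manual-arm" \
#       "11111111-1111-1111-1111-111111111111" \
#       "22222222-2222-2222-2222-222222222222" \
#       "33333333-3333-3333-3333-333333333333" \
#       "Visual Studio Enterprise Subscription" \
#       "https://dev.azure.com/ORG_PLACEHOLDER" "PROJECT_PLACEHOLDER"
```

The secret value still has to be created under Certificates & secrets by someone with rights on the app registration; the script only passes it to the service connection.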