azure-devopsazure-pipelinesazure-data-factoryazure-pipelines-yamlazure-pipelines-tasks

Unable to Authorize AzureDevOps application to Azure Data Factory


I am trying 'Authorize' Azure DevOps to access Azure Data Factory.

We have created a Service Principal for ADO, but when I try to Authorize it when adding a Azure Powershell task I get the following error message:

Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.

enter image description here

I don't have the permissions to create any new App registrations. Is there a way around this issue

I am at the stage of New Azure service connection, and I'm now at the point of Authentication. Can you let me know how to obtain the Service Principal Id? and Service Principal key

enter image description here

I'm not able to create a secret, see below. But I thought i wouldn't need to as there is already a Service Principal created, or am I wrong enter image description here

enter image description here

There is one other confusing thing where I'm getting the error, and that is because my service connection is included in Service Connections tab,see below. So, I thought I would be able to connect?

The Visual Stuido Subscription ending in 203 is my subscription enter image description here

When I follow the instructions:

Step1: Contact your Project Admin and navigate to Project Settings -> Service connections -> Select the Service Connection name: Visual Studio Enterprise Subscription:

I am presented with the following screen

enter image description here

OK, I found the option to Add User, see below enter image description here

When I search for my Visual Studio Enterprise it doesn't appear, see image. Does it mean it hasn't appeared

enter image description here

Even though it would appear I have permissions when I try to authorize I still get the following error: enter image description here

The Service connection highlighted in Yellow is my Service connection, and you can see the project Data Engineering enter image description here

When I attempt update 4 I get the following:

enter image description here


Solution

  • Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.

    The error means that the service connection name already exists in the Azure DevOps.

    Here are two methods to solve the issue:

    Method1: You can contact the Administrator of the project to grant the User/Administrator role of the Service Connection. Then you can directly use the existing Service Connection.

    For more detailed info, you can refer to this doc: Service connections

    Method2: You can create a new ARM service connection. Then you can use it in the Azure PowerShell task.

    From your description, you already have a service principal for Azure DevOps.

    Here are the steps:

    Step1: Navigate to Project Settings -> Service Connections and find the Azure Resource Manager Service Connection.

    For example:

    enter image description here

    Step2: Select the Service principal (manual) and input all required information.

    For example:

    enter image description here

    For more detailed info, you can refer to this doc: Create Azure RM service principal (manual)

    Update5:

    I can reproduce the same issue now.

    The cause of the issue is that the Service Connection is invalid.

    When you open the service connection, it will show the following error:

    Failed to create an app in Microsoft Entra. Error: Insufficient privileges to complete the operation in Microsoft Graph Ensure that the user has permissions to create a Microsoft Entra Application.
    

    For example:

    enter image description here

    In this case, the existing service connection can not be recognized by the Azure Powershell task. When you create the service connection, it will show the service connection is already existing.

    To solve the issue, you need to use the existing Service Principal to create a valid manual ARM Service connection.

    Here are the steps:

    You can navigate to the page: AAD -> APP Registrations -> Select the target Service Principal.

    enter image description here

    The Application (client) ID is the Service Principal Id.

    The Directory (tenant) ID is the Tenant ID.

    Then you can navigate to Certificates & secrets tab to create the Secret key. It can be used in the Service Principal Key.

    enter image description here

    Then you can use the new service connection in the Azure PowerShell task.