Unable to Authorize AzureDevOps application to Azure Data Factory
I am trying 'Authorize' Azure DevOps to access Azure Data Factory.
We have created a Service Principal for ADO, but when I try to Authorize it when adding a Azure Powershell task I get the following error message:
Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.
I don't have the permissions to create any new App registrations. Is there a way around this issue
I am at the stage of New Azure service connection, and I'm now at the point of Authentication. Can you let me know how to obtain the Service Principal Id? and Service Principal key
I'm not able to create a secret, see below. But I thought i wouldn't need to as there is already a Service Principal created, or am I wrong
There is one other confusing thing where I'm getting the error, and that is because my service connection is included in Service Connections tab,see below. So, I thought I would be able to connect?
The Visual Stuido Subscription ending in 203 is my subscription
When I follow the instructions:
Step1: Contact your Project Admin and navigate to Project Settings -> Service connections -> Select the Service Connection name: Visual Studio Enterprise Subscription:
I am presented with the following screen
OK, I found the option to Add User, see below
When I search for my Visual Studio Enterprise it doesn't appear, see image. Does it mean it hasn't appeared
Even though it would appear I have permissions when I try to authorize I still get the following error:
The Service connection highlighted in Yellow is my Service connection, and you can see the project Data Engineering
When I attempt update 4 I get the following:
Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.
The error means that the service connection name already exists in the Azure DevOps.
Here are two methods to solve the issue:
Method1: You can contact the Administrator of the project to grant the User/Administrator role of the Service Connection. Then you can directly use the existing Service Connection.
For more detailed info, you can refer to this doc: Service connections
Method2: You can create a new ARM service connection. Then you can use it in the Azure PowerShell task.
From your description, you already have a service principal for Azure DevOps.
Here are the steps:
Step1: Navigate to Project Settings -> Service Connections and find the Azure Resource Manager Service Connection.
For example:
Step2: Select the Service principal (manual) and input all required information.
For example:
For more detailed info, you can refer to this doc: Create Azure RM service principal (manual)
Update5:
I can reproduce the same issue now.
The cause of the issue is that the Service Connection is invalid.
When you open the service connection, it will show the following error:
Failed to create an app in Microsoft Entra. Error: Insufficient privileges to complete the operation in Microsoft Graph Ensure that the user has permissions to create a Microsoft Entra Application.
For example:
In this case, the existing service connection can not be recognized by the Azure Powershell task. When you create the service connection, it will show the service connection is already existing.
To solve the issue, you need to use the existing Service Principal to create a valid manual ARM Service connection.
Here are the steps:
You can navigate to the page: AAD -> APP Registrations -> Select the target Service Principal.
The Application (client) ID is the Service Principal Id.
The Directory (tenant) ID is the Tenant ID.
Then you can navigate to Certificates & secrets tab to create the Secret key. It can be used in the Service Principal Key.
Then you can use the new service connection in the Azure PowerShell task.
- How do I interact between two custom controls / contributions?
- How do I provide service principal's authorization for an API call in a DevOps pipeline
- Update Build Pipeline variables from .Net code
- Azure devops test task: how to display messages during Visual Studio test execution
- Azure Pipeline: Pass System.Debug to a pwsh switch parameter
- Yaml pipeline sheduled crons not working as expected
- Why is my Azure Pipeline not able to run a basic Git add
- Azure DevOps - send email notification after test results have been published
- Using script commands, how to add multiple scale rules to an Azure Container App?
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure DevOps IP addresses
- Release Pipeline throws the following error: Unable to apply transformation for the given package - Changes are already present in the package
- BuildQualityChecks task doesn't consider all the published test coverage reports
- Is there a way to see who ran a manual stage in an ADO YAML pipeline?
- How to set the registry URL in a project-level .npmrc file from an environment variable in an Azure Pipeline
- Prevent Pull Request builds from triggering Continuous deployment trigger Azure DevOps Server
- How do we store files shared across projects stored in separate VSTS GIT Repositories
- Can I reference a lookup table in a DevOps pipeline?
- How can I skip old vulnerabilities and break only with new ones using Snyk scan on Azure DevSecOps?
- Tasks to download the latest commit
- PR Trigger Not Working on Azure DevOps YAML Pipeline
- How to Increase/Update Variable Group value using Azure Devops Build Definition?
- vsts-npm-auth is not recognized as the name of a cmdlet
- AzureDevOps Pipeline 'Classic Editor' not visible when trying to create a pipeline
- How to I checkout with recursive submodules in Azure DevOps in the same project but different repo without disabling protections?
- How can I check the size of a repository on Azure DevOps?
- How to change branch name in Azure DevOps
- Azure Devops Pipeline: a JSON string variable loses all its doublequotes
- Azure Functions no longer compile on build server after upgrade from .NET 7 to .NET 8