Unable to Authorize AzureDevOps application to Azure Data Factory
I am trying 'Authorize' Azure DevOps to access Azure Data Factory.
We have created a Service Principal for ADO, but when I try to Authorize it when adding a Azure Powershell task I get the following error message:
Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.
I don't have the permissions to create any new App registrations. Is there a way around this issue
I am at the stage of New Azure service connection, and I'm now at the point of Authentication. Can you let me know how to obtain the Service Principal Id? and Service Principal key
I'm not able to create a secret, see below. But I thought i wouldn't need to as there is already a Service Principal created, or am I wrong
There is one other confusing thing where I'm getting the error, and that is because my service connection is included in Service Connections tab,see below. So, I thought I would be able to connect?
The Visual Stuido Subscription ending in 203 is my subscription
When I follow the instructions:
Step1: Contact your Project Admin and navigate to Project Settings -> Service connections -> Select the Service Connection name: Visual Studio Enterprise Subscription:
I am presented with the following screen
OK, I found the option to Add User, see below
When I search for my Visual Studio Enterprise it doesn't appear, see image. Does it mean it hasn't appeared
Even though it would appear I have permissions when I try to authorize I still get the following error:
The Service connection highlighted in Yellow is my Service connection, and you can see the project Data Engineering
When I attempt update 4 I get the following:
Service connection with name Visual Studio Enterprise Subscription(xxxxx.xxxxx.xxxxxx.xxxx03) already exists. Only a user having Administrator/User role permissions on service connection Visual Studio Enterprise Subscription(8b78eeed-28c1-45ac-afbb-99148f842203) can see it.
The error means that the service connection name already exists in the Azure DevOps.
Here are two methods to solve the issue:
Method1: You can contact the Administrator of the project to grant the User/Administrator role of the Service Connection. Then you can directly use the existing Service Connection.
For more detailed info, you can refer to this doc: Service connections
Method2: You can create a new ARM service connection. Then you can use it in the Azure PowerShell task.
From your description, you already have a service principal for Azure DevOps.
Here are the steps:
Step1: Navigate to Project Settings -> Service Connections and find the Azure Resource Manager Service Connection.
For example:
Step2: Select the Service principal (manual) and input all required information.
For example:
For more detailed info, you can refer to this doc: Create Azure RM service principal (manual)
Update5:
I can reproduce the same issue now.
The cause of the issue is that the Service Connection is invalid.
When you open the service connection, it will show the following error:
Failed to create an app in Microsoft Entra. Error: Insufficient privileges to complete the operation in Microsoft Graph Ensure that the user has permissions to create a Microsoft Entra Application.
For example:
In this case, the existing service connection can not be recognized by the Azure Powershell task. When you create the service connection, it will show the service connection is already existing.
To solve the issue, you need to use the existing Service Principal to create a valid manual ARM Service connection.
Here are the steps:
You can navigate to the page: AAD -> APP Registrations -> Select the target Service Principal.
The Application (client) ID is the Service Principal Id.
The Directory (tenant) ID is the Tenant ID.
Then you can navigate to Certificates & secrets tab to create the Secret key. It can be used in the Service Principal Key.
Then you can use the new service connection in the Azure PowerShell task.
- DevOps deploying Azure Web Apps to wwwroot/Content/D_C/a/1/s/ in Linux container
- Azure DevOps: access secret variable programmatically
- How to install PowerShell module pushed to Azure Artifacts in Pipelines?
- Get all work items from a project azure devops REST API
- Which scope takes precedence in an release pipeline variable?
- In Azure DevOps, need to view and prioritize Features, Product Backlog Items and Bugs in one list in relation to each other
- CICD of data factory
- Can't multi-target projects in azure pipeline build
- Preview state of azure pipeline yaml after supplying it with runtime parameters
- How do I identify the triggering pipeline in the download step when downloading pipeline artifacts in Azure DevOps on-prem?
- JIRA Azure DevOps iteration not showing work item in Azure DevOps
- Azure DevOps build Artifact Error because of Failed to fetch ARM parameters: Error: Input required: AzureResourceManagerConnection
- Issue with Azure DevOps API: Newly Created Area Paths Not Recognized Immediately
- How to add tag to a build from classic release after successful deployment to stage
- I don't see the menu entries for releases
- Azure DevOps Rest API : Object "ID" scope
- Getting "BadRequest" when trying to deploy web app networking settings using Bicep trmplate
- Accessing Azure DevOps Board custom field using OData query
- AzureStaticWebApp@0 push from artifacts
- Azure DevOps - deploy Window Service task
- CICD for Azure Databricks
- Trigger Azure DevOps pipeline only for "main" AND changes in a certain path
- Azure Pipelines - Replace a variable in a yaml file
- Azure dev ops cicd yaml variable for appSettings, multi line causing an error
- .Net Azure Function app publish does not generate a bin folder
- Git cleanup/garbage collection on remote Azure DevOps git repository
- Run build only on approval
- Azure DevOps is not gathering all changes when using schduled cron trigger
- yaml pipeline: How to use a build artifact generated in a previous build
- How to resolve eslint errors due to use of the html() method in jquery libraries when running security scans with Github advanced security?