How to login via Service Principal having Federated Credentials rather than Client Secrets

Due to recent push to remove Entra App secrets from Azure and adopt usage of Workload Identity Federation in service connections, I have removed the client secret from service principal and added Federated Credentials into it.

How do I login into Azure via this service principal?

Earlier this login was happening via the below mentioned code:

Write-Host Object Id = $objectId
    $key = ConvertTo-SecureString -String  $env:servicePrincipalKey -AsPlainText -Force
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $env:servicePrincipalId, $key
    Connect-AzAccount -ServicePrincipal -TenantId $env:tenantId -Credential $Credential

I tried many documents but could not find anything acceptable. Seeking help.

Is there any other way I can achieve this via pipeline. I have a release pipeline which uses service connection based on Workload Identity Federation (automatic). The Service Principal made out of this step has federated credentials. In the next step in my pipeline, I am using a powershell script which has this login step.

This is my service principal with Federated Creds:

In the pipeline you can try like as below:

1. Add an Azure CLI task and enable the option addSpnToEnvironment (Access service principal details in script) on the task. This option will provide the variables to let you get the login credentials.

   

   You can run the following command on the task to pass the login credentials as pipeline variables so that the subsequent steps within the same job can use the credentials.

   echo "##vso[task.setvariable variable=SP_CLIENT_ID]$servicePrincipalId" 
   echo "##vso[task.setvariable variable=SP_ID_TOEKN]$idToken"
   echo "##vso[task.setvariable variable=TENANT_ID]$tenantId"
   

2. Then in the subsequent steps, you can use the Azure CLI command "az login --service-principal" or Azure PowerShell cmdlet "Connect-AzAccount -ServicePrincipal" to login Azure With the credentials fetched above.

   az login --service-principal --tenant $(TENANT_ID) -u $(SP_CLIENT_ID) --federated-token $(SP_ID_TOEKN) --allow-no-subscriptions
   
   Connect-AzAccount -ServicePrincipal -Tenant $(TENANT_ID) -ApplicationId $(SP_CLIENT_ID) -FederatedToken $(SP_ID_TOEKN) -Environment AzureCloud -Scope Process
   

Below is a sample of pipeline as reference.

• To run the Azure CLI commands in pipelines, ensure the Azure CLI tool has been installed on the agent machine.
• To the Azure PowerShell cmdlet in pipelines, ensure the Azure PowerShell has been installed on the agent machine.

    steps:
    - task: AzureCLI@2
      displayName: 'Get login Credentials'
      inputs:
        addSpnToEnvironment: true
        azureSubscription: MyArmConnection
        scriptType: bash
        scriptLocation: inlineScript
        inlineScript: |
          echo "##vso[task.setvariable variable=SP_CLIENT_ID]$servicePrincipalId" 
          echo "##vso[task.setvariable variable=SP_ID_TOEKN]$idToken"
          echo "##vso[task.setvariable variable=TENANT_ID]$tenantId"
    
    - bash: az login --service-principal --tenant $(TENANT_ID) -u $(SP_CLIENT_ID) --federated-token $(SP_ID_TOEKN) --allow-no-subscriptions
      displayName: 'Login Azure using az login'
    
    - pwsh: Connect-AzAccount -ServicePrincipal -Tenant $(TENANT_ID) -ApplicationId $(SP_CLIENT_ID) -FederatedToken $(SP_ID_TOEKN) -Environment AzureCloud -Scope Process
      displayName: 'Login Azure using Connect-AzAccount'