I need to create a service connection in Azure DevOps for service type "Azure Resource Manager". When I try "Service principal (automatic)", I am able to do it with the proper permission. But when I try "Service principal (manual)", it needs a service principal key. May I know how to create it from the Azure Portal?
- This should answer your question: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret – juunas Jun 04 '21 at 06:40
- Just for confirmation, I am asking: are the service principal key and the Value under Client Secrets the same? – VKD Jun 04 '21 at 06:44
- Yes, it's the same thing. – juunas Jun 04 '21 at 06:53
- When I use that secret in the service connection, I am getting the error "Failed to query service connection API: 'https://management.azure.com/subscriptions/XXXXXX?api-version=2016-06-01'. Status Code: 'Forbidden', Response from server: '{"error":{"code":"AuthorizationFailed","message":"The client 'XXXXXXXXX' with object id 'XXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/XXXXXX' or the scope is invalid. If access was recently granted, please refresh your credentials."}}'". Am I missing any other steps? – VKD Jun 04 '21 at 12:46
- Have you assigned a role to the app registration/service principal in the Azure subscription? – juunas Jun 04 '21 at 13:11
1 Answer
Yes, as mentioned by @juunas, the service principal key is also named client secret; you can create it in your App Registration -> Certificates & secrets in the portal, follow this link.

For the Forbidden error, it means your service principal does not have the correct RBAC role in your subscription; just navigate to your subscription in the portal -> add an RBAC role, e.g. Contributor, for your service principal like below, details here.

Joy Wang
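
As an added example (not part of the original answer), this Python sketch parses the AuthorizationFailed body quoted in the question and checks which of two built-in roles would cover the denied action, using Azure RBAC's Actions/NotActions wildcard matching. The role definitions are abbreviated and the helper names are assumptions made for this example.

```python
import json
import re
from fnmatch import fnmatchcase

# Constructed sample: the error body from the question, with its placeholder IDs.
SAMPLE_BODY = json.dumps({"error": {"code": "AuthorizationFailed", "message": (
    "The client 'XXXXXXXXX' with object id 'XXXXXX' does not have authorization "
    "to perform action 'Microsoft.Resources/subscriptions/read' over scope "
    "'/subscriptions/XXXXXX' or the scope is invalid. If access was recently "
    "granted, please refresh your credentials.")}})

# Assumption: abbreviated role definitions for illustration; the real
# Contributor role lists further NotActions. Check your tenant's definitions.
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
}

_MSG = re.compile(
    r"client '(?P<client>[^']*)' with object id '(?P<object_id>[^']*)' .*?"
    r"perform action '(?P<action>[^']*)' over scope '(?P<scope>[^']*)'")

def parse_authorization_failed(body):
    """Return client, object_id, action and scope from an ARM 403 body, else None."""
    try:
        err = json.loads(body)["error"]
        code, message = err["code"], err["message"]
    except (ValueError, KeyError, TypeError):
        return None
    match = _MSG.search(message) if code == "AuthorizationFailed" else None
    return match.groupdict() if match else None

def role_allows(role, action):
    """Allowed when an Actions pattern matches and no NotActions pattern does."""
    wanted = action.lower()  # RBAC action names are compared case-insensitively
    hit = lambda patterns: any(fnmatchcase(wanted, p.lower()) for p in patterns)
    return hit(ROLES[role]["actions"]) and not hit(ROLES[role]["not_actions"])

def roles_granting(action):
    """Names of the roles in ROLES that would permit the given action."""
    return [name for name in ROLES if role_allows(name, action)]

if __name__ == "__main__":
    info = parse_authorization_failed(SAMPLE_BODY)
    print(info["action"], "at", info["scope"], "->", roles_granting(info["action"]))
```

The denied action in the question is a read, so the failing check alone is covered by Reader; Contributor is needed only if the pipeline will also create or modify resources, and it still cannot write role assignments.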