I need to create a service connection in Azure DevOps for service type "Azure Resource Manager". When I am trying "Service principal (automatic)", I am able to do with proper permission. But when I am trying "Service principal (manual)", it needs service principle key. May I know how to create it from Azure Portal?
how to create service principle key in Azure
Asked Answered
This should answer your question: learn.microsoft.com/en-us/azure/active-directory/develop/… –
Diffusivity
Just for the confirmation, I am asking. Is Service Principle key and Value under Client Secrets are same? –
Bently
Yes, it's the same thing. –
Diffusivity
When I use that secret in service connection, I am getting the error as "Failed to query service connection API: 'management.azure.com/subscriptions/…'. Status Code: 'Forbidden', Response from server: '{"error":{"code":"AuthorizationFailed","message":"The client 'XXXXXXXXX' with object id 'XXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/XXXXXX' or the scope is invalid. If access was recently granted, please refresh your credentials."}}'". Any other steps am I missing? –
Bently
Have you assigned a role to the app registration/service principal in the Azure subscription? –
Diffusivity
Yes, as mentioned by @juunas, the service principle key is also named client secret, you can create it in your App Registration -> Certificates & secrets in the portal, follow this link.
For the Forbidden error, it means your service principal does not have the correct RBAC role in your subscription, just navigate to your subscription in the portal -> add an RBAC role e.g. Contributor for your service principal like below, details here.
© 2022 - 2024 — McMap. All rights reserved.