Create AD at Azure Portal

Create User and Give Role to AD at Azure Portal

Understand Service Principal at Azure

Understand Managed Identity at Azure

Connect Azure Service with Azure DevOps Using ‘AD Service Principal’

To connect Azure DevOps to the Azure cloud, a service principal is the identity we will use to authenticate to Azure and to be authorized (through a role assignment) to act on the subscription.


Service Connection

  • A service connection is what an Azure pipeline needs in order to access any outside service: Azure Cloud, GitHub, GitHub Actions, Jenkins, AWS, GCP, etc.
  • It is a bridge between two entities: one is your Azure pipeline, the other could be anything (Azure Cloud in our case).
  • A service connection provides access to the Azure services, so that we can create release pipelines and deploy our changes to Azure Cloud.
  • Authentication Method
    • Behind the scenes we are using a ‘Service Principal’ as the authentication method.
    • Even if you use the managed identity method, behind the scenes it still uses a service principal. The only difference is that the secrets are managed by Microsoft.


Create Service Principal in Azure Cloud

  • MS Entra ID > App registrations > New registration
  • Name: web-app-devop-azure-conn
  • Supported account type
    • Single tenant by default - no change
      • A tenant is simply your own organization's directory. If your company has multiple organizations and has divided its projects into multiple tenants, each tenant is just a directory, a kind of isolation boundary.
      • Click the Register button
  • On the service principal detail page
    • Click Certificates & secrets
    • Click ‘New client secret’
      • Give description: web-app-devop-azure-conn-secret
      • Give expiry as 100 days for now
      • Click Add
    • Two values are generated; copy them now, because the secret value is shown only once, and use them when creating the Azure service connection in DevOps below.


Authorize the above service principal to use the subscription.

  • Go to the subscription > click “Access control (IAM)” > click ‘Add role assignment’


  • Give the role of Contributor
    • On the next screen, ‘Select members’
      • By default it shows user names; we have to assign the role to the service principal by its name.
        • Search for the service principal name web-app-devop-azure-conn and select it
    • Select and then Assign
    • You can now see the service principal name in the Role assignments section (under IAM)
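The two procedures above (app registration with a client secret, then the Contributor role assignment) as an added Azure CLI script; this is example code written for these notes, not from the original. It assumes `az login` has already been done, Azure CLI 2.37 or later (Microsoft Graph based `az ad` commands), and the names from the notes; the optional resource-group argument is an addition that narrows the grant below subscription scope.

```shell
# Added example, not part of the original notes: the portal steps above (app
# registration, client secret, Contributor role, IAM check) done with the Azure
# CLI. Assumes `az login` has been run and the names from the notes.
set -eu

APP_NAME="web-app-devop-azure-conn"
SECRET_NAME="web-app-devop-azure-conn-secret"
SECRET_DAYS=100   # expiry from the notes

# Refuse to run against anything that is not a GUID-shaped subscription id.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Role-assignment scope. The notes grant Contributor on the whole subscription;
# passing a resource group limits the pipeline's identity to where it deploys.
scope_for() {
  if [ -n "${2:-}" ]; then
    printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
  else
    printf '/subscriptions/%s\n' "$1"
  fi
}

create_devops_sp() {
  sub="$1"; rg="${2:-}"
  is_guid "$sub" || { echo "not a subscription id: $sub" >&2; return 1; }
  scope=$(scope_for "$sub" "$rg")
  # Secret end date: GNU date first, BSD/macOS date as fallback.
  end_date=$(date -u -d "+${SECRET_DAYS} days" +%Y-%m-%d 2>/dev/null \
             || date -u -v+"${SECRET_DAYS}"d +%Y-%m-%d)
  # Single-tenant app registration (as in the notes) and its service principal.
  app_id=$(az ad app create --display-name "$APP_NAME" \
             --sign-in-audience AzureADMyOrg --query appId -o tsv)
  sp_id=$(az ad sp create --id "$app_id" --query id -o tsv)
  # The secret value is returned only once, so capture it here.
  secret=$(az ad app credential reset --id "$app_id" --display-name "$SECRET_NAME" \
             --end-date "$end_date" --query password -o tsv)
  # Assign by object id so the call does not race directory replication.
  az role assignment create --assignee-object-id "$sp_id" \
    --assignee-principal-type ServicePrincipal --role Contributor --scope "$scope" >/dev/null
  # Check: the principal must now show up under IAM with this role and scope.
  az role assignment list --assignee "$app_id" --scope "$scope" -o table
  printf 'tenant=%s\nclient_id=%s\nsubscription=%s\n' \
    "$(az account show --query tenantId -o tsv)" "$app_id" "$sub"
  printf 'client_secret=%s\n' "$secret"   # goes into the DevOps service connection
}
# Usage: sh create_sp.sh <subscription-id> [resource-group]
if [ "$#" -ge 1 ]; then create_devops_sp "$1" "${2:-}"; fi
```

The printed tenant, client_id, subscription and client_secret are the four values the DevOps service connection form asks for in the next section.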


Create a Service Connection at DevOps

DevOps > Project Settings > click ‘Service connections’ under Pipelines > click ‘Create service connection’

  • Select ARM (Azure Resource Manager)
    • A middleware layer that helps you connect to all the Azure services.
  • Step 1: Create the service connection
  • Step 2: Check it after saving
