Introduction
Azure DevOps allows you to establish a connection with Azure services using Service Connections. In this guide, we’ll explore two authentication methods: Service Principal and Workload Identity Federation. Follow the steps below based on your preference.
Service Principal Authentication
Automatic Setup
Navigate to Project Settings in Azure DevOps:
- Go to your project in Azure DevOps.
- Click on the gear icon in the bottom-left corner and select “Project settings.”
Choose Service Connections:
- In the Project Settings, click on “Service connections” under “Pipelines.”
Add a New Service Connection:
- Click on the “Create service connection” button.
Select Azure Resource Manager:
- Choose “Azure Resource Manager” as the connection type and click Next.
Automatic Service Principal Configuration:
- Enable the “Service principal (automatic)” option click Next.
- A pop-up screen will be appear asking for azure login.
- Provide the necessary details like Scope level, Subscription, Resource Group, Service connection name, Description, Security, and click “Save.”
- Once you save it will automatically create a Service Principle.
Manual Setup
Navigate to Azure Portal:
- Open the Azure Portal.
Create a Service Principal:
- Creating new Service principle.
Add Service Connection in Azure DevOps:
- Follow steps 1-4 from the “Automatic Setup” section.
- Enable the “Service principal (manual)” option click Next.
- Provide the necessary fields Environment, Scope Level, Subscription ID, Subscription Name, Service Principle ID, Service Principal Key or Certificate, Tenant ID after providing all the details just click on Verify to check if given credentials are valid or not. Provide name for the Service Connection and Security check box. Click on Verify and Save.
Workload Identity Federation
Automatic Setup
Enable Workload Identity Federation:
- In Azure DevOps, navigate to “Project Settings” -> “Service connections.”
- Click “New service connection” and choose “Azure Resource Manager.”
Select Workload Identity Federation:
- Enable the “Workload Identity (automatic)” option and click next.
- A pop-up screen will be appear asking for azure login.
- Provide the necessary details like Scope level, Subscription, Resource Group, Service connection name, Description, Security, and click “Save.”
- Once you save it will automatically create a Workload Identity Federation.
Manual Setup
Create Service Connection in Azure DevOps:
- In Azure DevOps, navigate to “Project Settings” -> “Service connections.”
- Click “New service connection” and choose “Azure Resource Manager.”
- Enable the “Workload Identity federation (manual)” option and click next.
- Under Step 1. Enter Service Connection Name, Description, Security and click Next.
- Provide the required information Environment, Scope Level, Subscription ID, Subscription Name, Service Principal ID, Tenant ID before we click on Verify and Save
- Add Issuer, Subject Identifier under Service Account -> Federated credentials.
Set Up Workload Identity in Azure:
Navigate to Azure Portal:
- Open the Azure Portal.
Create a Service Principal:
- Creating new Service principle no need to Client Secret Instead we need to go to Federated credentials.
- Click on Add Credentials, you can see below screen.
- From the Drop down select the Other Issuer.
- Provide the required information Issuer, Subject Identifier (From the point 5 you can see the Issuer and Subject Identifier), Credentials Name and Description and click Add
Conclusion
Congratulations! You have successfully set up Azure DevOps Service Connection using both Service Principal and Workload Identity Federation. Choose the method that best suits your needs and project requirements.
Feel free to reach out if you encounter any issues or have further questions. Happy coding!