How to add a Service Principal to Azure pipelines


Description

Customers might request a Service Principal with the custom ContributorNoACM role at the Resource Group level to use for different automation scenarios. This article explains how to add the Service Principal to an Azure DevOps project.

Note: Sitecore does not support deploying Sitecore customizations with Microsoft Azure, including the Azure DevOps upgrade approach using Azure Pipelines.

Solution

To add the Service Principal to Azure DevOps as a service connection:

  1. Go to Project settings, click Service connections:



  2. Click New service connection > Azure Resource Manager, then click Next to continue.



  3. Choose:
    1. Identity type as App registration or managed identity (manual)
    2. Credential as Secret 
    3. Environment as Azure Cloud
    4. Scope Level as Subscription



  4. Fill in the following fields:
    1. Subscription ID
    2. Subscription Name
    3. Application (client) ID
    4. Directory (tenant) ID
    5. Client Secret
    6. Service Connection Name
    7. Keep the Credential radio button set to Service principal key
    8. Selecting Grant access permission to all pipelines lets all pipelines use this connection. This option isn't recommended. Instead, authorize each pipeline individually to use the service connection.



    Important note:

    It is necessary to create a new Azure service connection (using the manual method) with the details as shown in the image below. Ensure that you enter the correct Environment subscription name and the Subscription ID (it should be in lowercase).


  5. Click Verify and then Save.
  6. Once these steps are complete, the service connection is created.
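
The same steps can be scripted. The following is an added example, not part of the original article: it assumes the Azure CLI with the azure-devops extension is installed and that the organization and project defaults are already configured. The function names `normalize_guid` and `create_service_connection` are hypothetical; the script lowercases and validates the IDs before use and explicitly leaves "Grant access permission to all pipelines" off.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the manual service connection steps.
# Function names are hypothetical; no real identifiers are embedded here.

# Validate a GUID and print it in lowercase; non-zero exit on malformed input.
normalize_guid() {
  local g
  g=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  if printf '%s' "$g" | grep -Eq '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'; then
    printf '%s\n' "$g"
  else
    echo "invalid GUID: $1" >&2
    return 1
  fi
}

# Create the connection, then make sure it is NOT shared with all pipelines.
# Args: subscription-id subscription-name client-id tenant-id connection-name
# The client secret is read from AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY
# so it never appears on the command line or in shell history.
create_service_connection() {
  local sub_id client_id tenant_id endpoint_id
  sub_id=$(normalize_guid "$1") || return 1
  client_id=$(normalize_guid "$3") || return 1
  tenant_id=$(normalize_guid "$4") || return 1
  if [ -z "${AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY:-}" ]; then
    echo "client secret environment variable is not set" >&2
    return 1
  fi
  endpoint_id=$(az devops service-endpoint azurerm create \
    --azure-rm-subscription-id "$sub_id" \
    --azure-rm-subscription-name "$2" \
    --azure-rm-service-principal-id "$client_id" \
    --azure-rm-tenant-id "$tenant_id" \
    --name "$5" --query id -o tsv) || return 1
  # Pipelines must then be authorized individually to use the connection.
  az devops service-endpoint update --id "$endpoint_id" --enable-for-all false
}

# Example call (organization/project come from `az devops configure --defaults`):
# create_service_connection "<SUBSCRIPTION-ID>" "<subscription name>" \
#   "<CLIENT-ID>" "<TENANT-ID>" "<connection name>"
```
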