I had some issues with automatically creating a service principal to set up Azure Resource Manager in Azure DevOps due to overly strict Azure AD policies, resulting in the following error: "Error encountered: Failed to create an app in Azure Active Directory. Error: Credential lifetime exceeds the max value allowed as per assigned policy". This is a rather unique error with no results found on Google. Since the steps to manually create a service principal are rather complex, I have decided to document them here.
1) Use the PowerShell console in Azure Portal to run the following command
2) Go to Azure Portal -> Subscriptions -> Access Control (IAM) -> Add Role Assignment and add Contributor role for ServicePrincipalName.
3) Go to Azure DevOps -> Project Settings (At Bottom) -> Service Connections -> New Service Connection -> Azure Resource Manager -> Service Principal (Manual) and use the values from the command output in the earlier PowerShell console.
4) Set up a new pipeline in Azure DevOps. The new pipeline may not be able to detect the manually set up service principal and the build may fail. If that happens, you will need to visit the following URL to get the azureServiceConnectionId.
5) Manually edit the azure-pipelines.yml file and include the new azureServiceConnectionId. Your builds should now work.
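For step 1, one way to create the service principal with a secret lifetime that stays inside the tenant's credential policy, and to collect the values the manual service connection form in step 3 asks for. This is an added example, not the command from the original post; it assumes the Az.Resources module (5.x or later) as loaded in Azure Cloud Shell, and the 90-day lifetime is a placeholder to set at or below your own policy maximum.

```powershell
# Added example. Assumes Az.Resources 5.x or later (Azure Cloud Shell).
$displayName  = 'ServicePrincipalName'   # the name referred to in step 2
$lifetimeDays = 90                       # assumption: at or below your tenant's policy maximum

$ctx     = Get-AzContext
$endDate = (Get-Date).ToUniversalTime().AddDays($lifetimeDays)

# Create the app registration and service principal with an explicit secret
# expiry instead of a default lifetime that the tenant policy may reject.
# No -Role/-Scope is passed here: step 2 grants Contributor in the portal.
$sp = New-AzADServicePrincipal -DisplayName $displayName -EndDate $endDate

# Read back the expiry that was actually stored on the credential.
$cred = Get-AzADAppCredential -ApplicationId $sp.AppId |
    Sort-Object EndDateTime -Descending |
    Select-Object -First 1
if ($cred.EndDateTime -gt $endDate.AddMinutes(5)) {
    Write-Warning "Secret expires $($cred.EndDateTime), later than requested."
}

# Non-secret values for the "Service Principal (Manual)" form in step 3.
[pscustomobject]@{
    SubscriptionId     = $ctx.Subscription.Id
    SubscriptionName   = $ctx.Subscription.Name
    ServicePrincipalId = $sp.AppId
    TenantId           = $ctx.Tenant.Id
    SecretExpiresUtc   = $cred.EndDateTime
} | Format-List

# The secret is only returned at creation time. Paste it into the
# "Service principal key" field, then drop it from the session.
$sp.PasswordCredentials.SecretText
Remove-Variable sp
```

Record the expiry date alongside the service connection, since builds will start failing with an authentication error once the secret lapses and it has to be rotated.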