This post will show how to connect Azure DevOps pipelines to an external Azure Tenant and deploy resources.
Connecting your Azure DevOps tenant to the same Azure tenant is simple and does not require a particular configuration because the accounts are members of the same subscription and tenant.
In advanced Azure DevOps configuration, you might have your Azure DevOps running on one Azure tenant, but the actual pipeline deployments need to be deployed on a different tenant.
The process of connecting Azure DevOps to Azure is called Service Connection. And when connecting any service to Azure DevOps behind the scene, we create a new service connection.
Azure Active Directory Principal
To connect Azure DevOps to external Azure tenants, we first need to create an App Registration Service Principal in Azure AD and give the new Service Principle permissions to the Azure subscription.
In Azure AD, create a new App Registration and generate a secret (default secret is only valid for six and max of 24 months).
Once you create the Service Principal, give it Contributor access to the Azure subscription.
Create Service Connection
When your account is ready, go to Azure DevOps -> Project -> Project Settings -> Service Connection and create a new connection.
Select Azure Resource Manager -> Service Principal (Manual)
To configure the Service Connection, you will need the following information from your Azure and Azure AD tenant (external).
- Azure Subscription Name
- Azure Subscription ID
- Azure Tenant ID
- Application ID
- App Registration secret
- App Registration Secret ID
Once you add all the details, click verify and save. You will see the connection when you create a pipeline using the pipeline assistance.