I am looking for a way to create a service account to access the Azure Devops REST API.
The goal would be that this service account would be able to list all the projects.
For now the only solution I found was to create a new user, add it to an overall admin group and create a PAT for it.
Does anyone found another way of doing so ?
Thanks in advance
PS: we have a Azure Devops Service solution
Based on your description and concern, please note that the service account in Azure DevOps Service is automatically created for you when you create an organization in Azure DevOps Services. It is used when clients communicate with the hosted service and can be viewed through the web portal administration page.
And it is not supported to manually create service Account in Azure DevOps Service.
For more information, you could refer to the doc: Service account requirements - Azure DevOps | Microsoft Docs & Service accounts and dependencies - Azure DevOps Server | Microsoft Docs .
Related
we use a devops artifact feed to store our packed/shaded java binaries inside a private project. Now we would like to allow access to certain artifacts for externals.
We will promote these artifacts to a custom view (#public-releases) and want to allow access to this view for certain customers only (s.t. they can use it in their automation).
Is it possible to have some kind of service-account/service-principal to assign read-permissions in devops?
I know it the other way round (give devops access to azure ressources via service connections), but now I want to permit access to Devops Feeds.
How would I create such a User? We have azure AD connected, so maybe that is an option?
Is it possible to have some kind of service-account/service-principal
to assign read-permissions in devops?
No, no such design.
Service principal of Azure Active Directory concept can not be managed as an account in DevOps side(DevOps doesn't have such account type, only internal service principal, no AAD service principal).
As you know, service principal of AAD can manage access to services in azure portal. This is the usual usage. Another usage is Authenticate with Azure Active Directory (Azure AD) tokens, this approach can be used to manage PAT of DevOps, but anyway you end up needing to access the feed based on a legitimate account under the DevOps concept.
I want to get all PATs via REST from Azure DevOps Server (on-premise). The REST API Docs show only access to Azure DevOps Services (hosted) with this URI
https://vssps.dev.azure.com/{organization}/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?api-version=7.1-preview.1
How do I access the security areas (Identities, Accounts, etc.) via REST in Azure DevOps Server?
You could visit the page below for the token administration rest api.
Token Administration REST API for Azure DevOps Services - Azure DevOps Services REST API | Microsoft Learn
And you can check the api for the different workspaces with the dropdown list below.
1.List Personal Access Tokens
GET https://{instance}/{collection}/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?api-version=6.0-preview.1
2.Read identities
GET https://{instance}/{collection}/_apis/identities?api-version=6.0
3.For security
https://learn.microsoft.com/en-us/rest/api/azure/devops/security/?view=azure-devops-server-rest-6.0
I am trying to establish a Service Connection from Azure DevOps to my Azure B2C tenant and am running into issues. I'm starting to think it's not even possible.
I have multiple Service Connections to the primary Azure Subscription/Tenant, but specifically wanted a connection to my B2C Tenant, so that I can manage B2C resources using Terraform and the Pipeline Agent within Azure DevOps.
Does anyone know if this is even possible? Or a method of getting this setup? No documentation online has been helpful
I'm developing an extension that runs within a work item.
Is there a way I can acquire an AAD token for the current logged in user, which can be used to authenticate to an AAD protected backend service like Azure App Service/Key Vault etc?
I'm afraid you can't do that directly. Azure Devops Service and Azure are not the same things.
We can use VSS SDK and azure-devops-extension-api to get Azure-devops related info(AccessToken for Azure Devops Service,Org info, Project info, User info), but we can't get AAD token using these related api cause these apis are for Azure Devops Service.
I know that it is possible to connect to Azure DevOps Services using Microsoft Office365 (O365) public cloud.
But is it possible for US Gov customers to connect to Azure DevOps Service using their O365 Government Community Cloud (GCC) account?
Is it even supported or in the roadmap for future?
Azure DevOps Service is a hosted version of Azure DevOps Server (TFS).
Currently it is not possible to connect Azure DevOps Service using O365 GCC account.
But if you have O365, then you can use it to connect to Azure DevOps Service. Meaning you should be able to create an Azure DevOps Service Organization to manage your projects and add other user from your company who are also using your O365 account.
Azure DevOps Service requires a Azure Commercial or Public Cloud Tenant subscription using either Enterprise Agreement (EA) if you are a company or Pay-As-You-Go Azure Subscription on Azure Public Cloud.
It is currently hosted on Azure Commercial Cloud and at the moment there is no road-map to also make it available in other Azure Clouds like US Government cloud. However one can still use O365 account to connect to Azure DevOps Services.