How to create a service connection for Azure in Azure Devops with pictures

0 votes
This "service connection" concept in Azure Devops is perplexing. I want to construct a service connection so that I can connect to Azure and use a pipeline to deploy to my App Service.

My subscription isn't shown in the drop down menu, and I'm getting useless messages like "Failed to retrieve the Json Web Token(JWT)" or "Failed to query service connection API... AuthorizationFailed." What actions do I need to take to establish a service connection?
Mar 23, 2022 in Azure by Edureka
• 13,620 points

1 answer to this question.

0 votes

to create a service connection for Azure in Azure DevOps with pictures you need to have following perrequisites:

  • An Azure subscription
  • An app service or other resource to create the service connection for

In Azure portal, go to Azure Active Directory | App registrations (in sidebar) | New registration.

App registrations page

Give a name for the app registration. Don't worry about the other settings; leave them default. Click Register. Pro-tip: Prefixing related resources and entities with your project name (like <project name>-appregistration) will help you quickly find them later.

We need to give your app registration permission to access and deploy to your App Service or whatever resource you wish to deploy to.

Go to the App Service page | Access control (IAM) | + Add | Add role assignment. Fill out the fields:

  • Role: Contributor
  • Assign access to: Azure AD user, group, or service principal
  • Select: search for and select the app registration you just made

Click save. You should see the app registration get added as a Contributor.

Access control

We also need to give read permissions for your subscription. I have no idea why it requires read access to subscriptions, but the connection fails if you don't do this.

Similar to the last step, go to your subscription (the one you are using for your app service) | Access control (IAM) | + Add | Add role assignment.

  • Role: Reader
  • Assign access to: Azure AD user, group, or service principal
  • Select: select the app registration, then save.

Create service connection

Go to your project in Azure DevOps, then Project settings in the sidebar | Service connections | New service connection. Connection type is Azure Resource Manager.

Here is where I got lost before, because this interface doesn't list my subscription. But if it works for you, it should automatically get the correct variables for you, I believe. If it doesn't work, keep reading.

Azure Resource Manager service connection

Click "use the full version of the service connection dialog". Here is how to fill out this complicated form.

  • Connection name: choose a name (I suggest <project name>-serviceconnection)
  • Environment: AzureCloud
  • Scope level: Subscription
  • Subscription ID: Get this from your subscription resource (see screenshot)
  • Subscription name: Get this from your subscription resource
  • Service principal client ID: App registration's Application (client) ID
  • Service principal key: In the app registration page, go to Certificates & Secrets.
    • Create a secret and copy the secret value. Expiration date of Never is fine.
    • Do not store this string; you can always create a new one.
  • Tenant ID: App registration's Directory (tenant) ID
  • Allow all pipelines to use this connection checkbox: Turn this on for testing; you can change it later.


App registration

App registration secret

Click "Verify connection". It should say "Verified" in green. If the connection failed and you are sure you followed all the steps, wait 10 minutes and try again. After it's verified, you can click OK.


To use the service connection, reference the connection name you gave it earlier, in the correct field of the pipeline task. When you first try to run the pipeline, the build screen might show a message saying the connection isn't authorized.

Build page

Click "Authorize resources". You can see authorized pipelines in the Security page of the service connection. Run the build manually via the Queue button.

Now you can use the service connection in your pipeline.

If you are interested in learning more then checkout Edureka's DevOps Training Course and Azure Training.

answered Mar 29, 2022 by Edureka
• 12,690 points

edited Jul 4, 2023 by Khan Sarfaraz

Related Questions In Azure

0 votes
1 answer

Azure Pricing Calculator for Hours in Cloud Service

The best method to understand Cloud Service ...READ MORE

answered Mar 29, 2022 in Azure by Edureka
• 12,690 points
0 votes
1 answer
0 votes
0 answers

OWASP Zed Attack Proxy Scan in DevOps pipeline

I want to do the "Authenticated Scan" ...READ MORE

Mar 15, 2022 in DevOps Tools by Kichu
• 19,050 points
0 votes
1 answer
0 votes
0 answers

Multiple YAML build pipelines in Azure DevOps

Using the new YAML way I want ...READ MORE

Mar 15, 2022 in DevOps Tools by Kichu
• 19,050 points
0 votes
1 answer
0 votes
1 answer

How to collect DORA metrics for Azure DevOps (Server 2020) releases?

DORA measurements are provided by the DevOps ...READ MORE

answered Apr 1, 2022 in Azure by Edureka
• 12,690 points
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP