Can I Use Managed Identity for Azure DevOps Source Control Authentication?

Asked By TechyBear42 On

Hey everyone! I'm diving into Azure Automation Accounts and trying to set up Source Control with Azure DevOps, but I'm stuck and would love some guidance. I have an Automation Account that runs several Runbooks, and I want to keep them in our Azure DevOps repository. However, when I attempt to set up Source Control, I hit a wall during authentication. From what I've gathered, the account needs to be a Project Administrator with a Basic license for Azure DevOps, along with Contributor permissions on the Automation Account. We do have a Managed Identity that meets these permissions. Can someone confirm if it's possible to use this Managed Identity for authentication? When I click the "Authenticate" button, it just takes me to a standard login page instead of allowing me to switch to the Managed Identity. Am I looking at needing two Basic licenses—one for the Managed Identity and one for a separate Service Account—just to enable Source Control with Azure DevOps?

3 Answers

Answered By TechyBear42 On

Yeah, that's a bummer. I had hoped maybe I'd misunderstood it, but it sounds like you're spot on. We started the connection with my admin account, and when we removed that Basic license, the connection broke immediately.

Answered By CodingNinja89 On

You could definitely set up a pipeline that runs in the context of a service principal instead of the Managed Identity. This way, you can deploy your Runbooks into the automation account and keep them updated with the repo. Honestly, I tried using the source control feature on the Automation Account; I got it to work to some extent, but it never triggered on commits, so I eventually gave up on it.
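
One way to do the pipeline-based deployment described in the answer above, as an added example (not code from anyone in this thread): a PowerShell script for a pipeline step that is already signed in to Azure as the service principal. The parameter names, the `./runbooks` folder layout, and the file-name check are assumptions.

```powershell
# Added example: publish every PowerShell runbook in the repo to an
# Automation Account. Run it from a pipeline step whose Azure context is
# the service principal (for example an Azure PowerShell task bound to a
# service connection). Requires the Az.Accounts and Az.Automation modules.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $AutomationAccountName,
    [string] $RunbookFolder = './runbooks'   # assumed repo layout
)

$ErrorActionPreference = 'Stop'

# Fail early if the step is not authenticated, rather than prompting.
$context = Get-AzContext
if (-not $context) {
    throw 'No Azure context. Run this inside an authenticated pipeline step.'
}
Write-Host "Deploying as $($context.Account.Id) ($($context.Account.Type))"

$files = @(Get-ChildItem -Path $RunbookFolder -Filter '*.ps1' -File)
if ($files.Count -eq 0) {
    throw "No runbook files found under $RunbookFolder"
}

foreach ($file in $files) {
    # Runbook name is the file name without its extension.
    $name = $file.BaseName

    # Conservative name check (assumption): letter first, then letters,
    # digits, underscores or dashes. Skip anything else instead of guessing.
    if ($name -notmatch '^[A-Za-z][A-Za-z0-9_-]*$') {
        Write-Warning "Skipping '$($file.Name)': not a valid runbook name"
        continue
    }

    # -Force overwrites an existing runbook of the same name;
    # -Published publishes it instead of leaving it as a draft.
    Import-AzAutomationRunbook `
        -ResourceGroupName $ResourceGroupName `
        -AutomationAccountName $AutomationAccountName `
        -Name $name `
        -Path $file.FullName `
        -Type PowerShell `
        -Published -Force | Out-Null

    Write-Host "Published runbook '$name'"
}
```

Scoping the service principal's role assignment to the single Automation Account, rather than the subscription, keeps the pipeline credential limited to what this deployment needs.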

Answered By CloudExplorer77 On

I totally get the confusion here. After reviewing the Microsoft docs, my understanding was that when you authenticate to Azure DevOps, you delegate access either with the Managed Identity or by creating a personal access token (PAT). They describe it like this: When you first set up source control integration, you authenticate using your user credentials via OAuth, which is tied to your identity for the initial setup. After this, Azure Automation uses the Managed Identity to handle syncing jobs. So it seems like while the sync runs under the Managed Identity, the actual Git operations still depend on that initial OAuth token. Unfortunately, Managed Identity is not designed for direct authentication with Azure DevOps for Git tasks, so you'll likely need the user credentials for OAuth to maintain the connection.
