Git cerdentials for serivce principal running jobs

OODataEng · ‎06-14-2025

Hello, I have a permission issue when trying to access Azure DevOps and run a job using a Service Principal.

I’ve read about the whole credentials topic, and indeed, when I create a PAT (Personal Access Token) through my personal user account, I can successfully run jobs with the Service Principal.
However, I fail to understand the logic because it contradicts the whole purpose of the Service Principal—I want to run jobs through an entity that is not tied to any personal user account.
How can this be achieved?

I configured the service princiap via Entra ID

But I am getting the following error:

Run failed with error message Failed to checkout Git repository: UNAUTHENTICATED: Encountered an error with Azure Workload Identity with Azure Exception: Failed to acquire token from Azure: java.util.concurrent.CompletionException: dbshaded.deprecated.azure.com.microsoft.aad.msal4j.MsalServiceException: AADSTS70025: The client has no configured federated identity credentials. Trace ID: 7707e429-27f3-4978-b066-002063090e00 Correlation ID: 71076137-d6b7-4489-867b-185178cd0a6c Timestamp: 2025-06-15 05:45:32Z
Is there a way to make this work?
Thank you.

loui_wentzel · ‎06-16-2025

Using a PAT is how you authenticate as a user, so that you can configure your Service Principal (SP) - if you follow this link, there's a guide to the next steps (you're on step 3 now)

Thie article explains a bit more on how to setup up the SP in Azure DevOps: Use a Microsoft Entra service principal for automation with Azure Databricks Git folders - Azure Dat...

Hope this helps 🙂

View solution in original post

OODataEng · ‎06-16-2025

I will try it again, Thank you!