You’re offline. This is a read only version of the page.
67
I'm looking to migrate our existing Azure DevOps (ADO) pipeline for deploying Power Platform solutions over to Power Pipelines, however I don't see a way to automatically set the environment variables and connections to be used by the Power Platform solution. I had hoped that by setting the deployment stage as delegated to use the stage owner (i.e. service account), that the service account's connections would be automatically chosen for each connection reference in the solution, but that doesn't appear to be the case. As for environment variables, I don't see any way to set these values aside from the developer (a.k.a. deployment user) specifying them when they run the pipeline. I'm looking to achieve the same functionality that the deployment settings file provides when using ADO or the Power Platform CLI to import a solution.
Here's what I tried:
1. Create connections in target environment using service account/stage owner.
2. Followed all instructions on Deploy pipelines as a service principal or pipeline owner - Power Platform | Microsoft Learn to grant deployment user and service account necessary roles/permissions in source, target, and pipeline host environments.
3. Trigger pipeline run as deployment user in source environment with solution containing an environment variable and a connection reference.
4. Select deployment user's connection for use in target environment, since that was the only option (no visible way to instruct pipeline to use service account's connection).
5. Manually enter environment variable value for target environment.
6. Pipeline run fails with error:
Share
Report{
"code":"ConnectionAuthorizationFailed",
"message":"The caller with object id [deployment user object ID] does not have the minimum required permission to perform the requested operation on connection [deployment user's target environment connection ID] under API [connection type API name]."
}
Any guidance/insights on this, even if they don't solve our problem, would be greatly appreciated.
Hi @parvezghumra ,
I was looking into a possible migration from our ADO setup to Power Pipelines because we were trying to move away from using client secrets for authentication, and given that the only ways to authenticate to a Power Platform environment with a service connection in ADO were client ID & secret or managed identity, which AFAIK would require us creating an entire VM scale set just to serve as the custom pipeline agent, I was hoping that Power Pipelines would be the solution. Unfortunately, due to the limitations described in this topic, Power Pipelines will not work for us either.
However, as luck would have it, the Power Platform Build Tools team just released an update to the PAC CLI and the Power Platform ADO configuration that allows you to authenticate using federated credentials instead of client ID and secret. I've just implemented this across all of our ADO pipelines and, with a little bit of finesse to make it work with a Bash script file triggered by the pipeline, I've been able to completely remove all client secrets!
I'll mark this comment as the solution since I don't believe it's possible to achieve what I was looking to do given the current available features of Power Pipelines.
@rcarrigan I can't help unfortunately with your specific issue, but I'm intrigued to know as to why you are moving from an existing setup in ADO to Power Platform Pipelines.
#1
WarrenBelz
109
Most Valuable Professional
#2
Michael E. Gernaey
82
Super User 2025 Season 1
#3
MS.Ragavendar
72
All responses (
Answers (
