web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
You're Invited to Keeping It Real with the Power Platform
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Use service account co...
Power Apps
Answered

Use service account connections in Power Pipeline delegated deployment stages

(0) ShareShare
ReportReport
Posted on by rcarrigan 67

I'm looking to migrate our existing Azure DevOps (ADO) pipeline for deploying Power Platform solutions over to Power Pipelines, however I don't see a way to automatically set the environment variables and connections to be used by the Power Platform solution. I had hoped that by setting the deployment stage as delegated to use the stage owner (i.e. service account), that the service account's connections would be automatically chosen for each connection reference in the solution, but that doesn't appear to be the case. As for environment variables, I don't see any way to set these values aside from the developer (a.k.a. deployment user) specifying them when they run the pipeline. I'm looking to achieve the same functionality that the deployment settings file provides when using ADO or the Power Platform CLI to import a solution.

 

Here's what I tried:

1. Create connections in target environment using service account/stage owner.

2. Followed all instructions on Deploy pipelines as a service principal or pipeline owner - Power Platform | Microsoft Learn to grant deployment user and service account necessary roles/permissions in source, target, and pipeline host environments.

3. Trigger pipeline run as deployment user in source environment with solution containing an environment variable and a connection reference.

4. Select deployment user's connection for use in target environment, since that was the only option (no visible way to instruct pipeline to use service account's connection).

5. Manually enter environment variable value for target environment.

6. Pipeline run fails with error:

 

{
 "code":"ConnectionAuthorizationFailed",
 "message":"The caller with object id [deployment user object ID] does not have the minimum required permission to perform the requested operation on connection [deployment user's target environment connection ID] under API [connection type API name]."
}

 

 

Any guidance/insights on this, even if they don't solve our problem, would be greatly appreciated.

Categories:
Power Apps Pro Dev & ISV
I have the same question (0)
  • Parvez Ghumra Profile Picture
    Parvez Ghumra 1,579 Moderator on at

    @rcarrigan I can't help unfortunately with your specific issue, but I'm intrigued to know as to why you are moving from an existing setup in ADO to Power Platform Pipelines. 

  • Verified answer
    rcarrigan Profile Picture
    rcarrigan 67 on at

    Hi @parvezghumra ,

     

    I was looking into a possible migration from our ADO setup to Power Pipelines because we were trying to move away from using client secrets for authentication, and given that the only ways to authenticate to a Power Platform environment with a service connection in ADO were client ID & secret or managed identity, which AFAIK would require us creating an entire VM scale set just to serve as the custom pipeline agent, I was hoping that Power Pipelines would be the solution. Unfortunately, due to the limitations described in this topic, Power Pipelines will not work for us either.

     

    However, as luck would have it, the Power Platform Build Tools team just released an update to the PAC CLI and the Power Platform ADO configuration that allows you to authenticate using federated credentials instead of client ID and secret. I've just implemented this across all of our ADO pipelines and, with a little bit of finesse to make it work with a Bash script file triggered by the pipeline, I've been able to completely remove all client secrets!

     

    I'll mark this comment as the solution since I don't believe it's possible to achieve what I was looking to do given the current available features of Power Pipelines.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
You're Invited to Keeping It Real with the Power Platform

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Vish WR Profile Picture

Vish WR 762

#2
11manish Profile Picture

11manish 640

#3
Valantis Profile Picture

Valantis 548

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans