ADO with user-managed Identity #151

@dariuszbz

Description

Hello. I am trying to add a user-managed identity to the organisation and to the project as an admin.

Adding the user to the org:

```powershell
# The post does not show how these variables were set; the values below are placeholders.
$managedIdentityName      = '<managed-identity-name>'
$resourceGroup            = '<resource-group>'
$organization             = '<ado-organization>'
$userManagedIdentityEmail = '<principal-name-used-in-the-post>'

# Get an access token for the account signed in to the Azure CLI
$token = az account get-access-token | ConvertFrom-Json
$accessToken = $token.accessToken

# Look up the managed identity and its object (principal) ID
$identity = az identity show --name $managedIdentityName --resource-group $resourceGroup | ConvertFrom-Json
$originId = $identity.principalId   # computed here but not used in the request body below

# Define the API URL for adding a user
$apiUrl = "https://vssps.dev.azure.com/$organization/_apis/graph/users?api-version=7.2-preview.1"
$headers = @{
    "Content-Type"  = "application/json"
    "Authorization" = "Bearer $accessToken"
}

# Prepare the body for the request to add the user-managed identity
$body = @{
    principalName = $userManagedIdentityEmail
    subjectKind   = "User" # Specify the type of identity
} | ConvertTo-Json

Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body
```

```text
subjectKind   : user
domain        : ####reducted###
principalName : ####reducted###
mailAddress   : ####reducted###
origin        : aad
originId      :
displayName   : ####reducted###
_links        : ####reducted###
url           : ####reducted###
descriptor    : bnd.####reducted###
```

I appreciate that most of it is redacted, but the problem is:
why is originId empty, and why does the descriptor start with bnd, not aad?

In simple terms, how can I add a user-managed identity to the ADO organisation and then to the project as a project admin? I need this managed identity for ADO serverless self-hosted agents, and I want to automate the process end to end.
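Editor's note, with an added example that is not part of the issue above and not code from the project: whatever the Graph API returns, an automation script should validate the subject it just created before it goes on to grant that subject project permissions. The descriptor prefix tells you what kind of subject Azure DevOps actually materialised (`aad.` for an Entra ID user, `aadsp.` for an Entra ID service principal, `bnd.` for a bind-pending user created from an e-mail address that has not yet been matched to a directory object, `vssgp.`/`aadgp.` for groups), and an empty `originId` means the subject is not linked to the directory object you intended. The check below flags both conditions and stops the run instead of silently assigning rights to a placeholder. The Graph API also exposes a `serviceprincipals` endpoint that takes the directory object ID as `originId`; the helper that builds that request is included as an assumption to be verified against the api-version your organisation supports. The sample responses are constructed, not real output.

```powershell
# Added example (editor's, not from the issue author or the project).
# Assumption: descriptor prefixes as documented for the Azure DevOps Graph API.

function Get-AdoSubjectKindFromDescriptor {
    param([Parameter(Mandatory)][string]$Descriptor)
    $prefix = ($Descriptor -split '\.', 2)[0]
    switch ($prefix) {
        'aad'   { 'Entra ID user (materialised)' }
        'aadsp' { 'Entra ID service principal (materialised)' }
        'bnd'   { 'bind-pending user (e-mail invite not yet matched to a directory object)' }
        'vssgp' { 'Azure DevOps group' }
        'aadgp' { 'Entra ID group' }
        default { "unknown prefix '$prefix'" }
    }
}

function Test-AdoGraphSubject {
    <# Returns Ok plus the reasons it is not Ok, so a pipeline can fail fast
       before it grants permissions to a subject that is not the intended identity. #>
    param(
        [Parameter(Mandatory)]$GraphResponse,
        [Parameter(Mandatory)][string]$ExpectedOriginId
    )
    $problems = @()
    if ([string]::IsNullOrEmpty($GraphResponse.originId)) {
        $problems += 'originId is empty: the subject is not linked to a directory object'
    } elseif ($GraphResponse.originId -ne $ExpectedOriginId) {
        $problems += "originId $($GraphResponse.originId) does not match expected $ExpectedOriginId"
    }
    if ($GraphResponse.descriptor -like 'bnd.*') {
        $problems += 'descriptor is bind-pending (bnd.), not a materialised directory subject'
    }
    [pscustomobject]@{
        Ok       = ($problems.Count -eq 0)
        Kind     = Get-AdoSubjectKindFromDescriptor -Descriptor $GraphResponse.descriptor
        Problems = $problems
    }
}

function New-AdoServicePrincipalRequest {
    <# Builds (does not send) the request that adds an Entra ID service principal by object ID.
       Assumption: Graph API "Service Principals - Create"; confirm the api-version for your org. #>
    param(
        [Parameter(Mandatory)][string]$Organization,
        [Parameter(Mandatory)][string]$ObjectId
    )
    [pscustomobject]@{
        Uri  = "https://vssps.dev.azure.com/$Organization/_apis/graph/serviceprincipals?api-version=7.1-preview.1"
        Body = (@{ originId = $ObjectId } | ConvertTo-Json)
    }
}

# Constructed sample: the shape of the response shown in the issue (bind-pending user).
$pending = [pscustomobject]@{ subjectKind = 'user'; origin = 'aad'; originId = ''; descriptor = 'bnd.placeholder' }
# Constructed sample: what a materialised service principal response looks like.
$expectedId = '00000000-0000-0000-0000-000000000000'   # placeholder object ID
$spn = [pscustomobject]@{ subjectKind = 'servicePrincipal'; origin = 'aad'; originId = $expectedId; descriptor = 'aadsp.placeholder' }

Test-AdoGraphSubject -GraphResponse $pending -ExpectedOriginId $expectedId | Format-List   # Ok = False, two problems
Test-AdoGraphSubject -GraphResponse $spn     -ExpectedOriginId $expectedId | Format-List   # Ok = True
New-AdoServicePrincipalRequest -Organization '<ado-organization>' -ObjectId $expectedId | Format-List
```

In a real run, pass the object returned by `Invoke-RestMethod` straight into `Test-AdoGraphSubject` and `throw` when `Ok` is `$false`; the `Problems` array is what you want in the pipeline log, since it distinguishes "wrong object ID" from "invite not yet bound".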
