Octopus Azure Account without subscription ID


(Stewart) #1


I want to store an Azure service principal for managing an Azure AD instance that doesn’t have any subscriptions associated with it, but the validation fails because the subscription ID field is empty. I’m able to log in to the tenant using Login-AzureRmAccount - and to include this in a pipeline with variable substitution but this isn’t ideal - which returns no subscription name/ID. I’ve also tried using the subscription the Azure B2C AD resource exists in, but this is in a different tenant so invalid.

(Shannon Lewis) #3

Hi Stewart,

Thanks for getting in touch. We’ve been bouncing this around a bit within the team today; it isn’t a request we’ve had before. Are you able to describe a bit more about your scenario and what types of things you are needing to manage in Azure AD, to help us understand the context fully?

Conceptually this type of account wouldn’t be compatible with any of the other functions we use Azure accounts for. I.e. an account without a subscription doesn’t make sense for deploying a Web App. If we add a new account type it may also make sense to then look at adding other things related to the scenarios it supports, so the more we can understand the scenario the better we can understand the full scope.


(Stewart) #4


Our requirement is to manage applications, users, etc. in AD that are required later in the pipeline using an account that has access in Azure AD to manage the directory, but not permissioned to any subscriptions as it doesn’t need to manage any Azure resources besides AAD. We use a separate principal for deployment that we don’t want to give access to AAD.