I'm trying to create a release pipeline in DevOps that releases packages to LCS. The normal Dynamics 365 FO way of working. The issue is, I don't have an admin account without MFA that can be used to do this. Which roles or general setup should I set on the AAD user to be able to create the release? Currently I'm getting the AADSTS7000218 error.

I created a user that doesn't have MFA and I expect to add certain roles to be able to use this user for creating releases in DevOps.

1 Answer

In Azure DevOps, to create a release pipeline you need the "Edit release pipeline" permission set to Allow. And you need to be at least a Basic user.

And as per the document, AADSTS7000218 means "The request body must contain the following parameter: 'client_assertion' or 'client_secret'". When authenticating to Azure AD to get an access token, the client application is not providing its “password” (in the form of either a client secret or a client assertion) as expected by Azure AD’s token endpoint.

You could try navigating to Azure Active Directory -> App Registration and finding Authentication in your application, then setting "Allow public client flows" to "Yes" in the Azure portal. Here's another ticket that has a similar issue; hope it can help.

  • Hi Evelyn, thanks for your answer. I need to find out which permissions the non-admin user has to have in AAD to be able to deploy the package to LCS. The permissions in DevOps are not an issue. I've seen the suggested ticket before and I tried to solve the issue by setting Allow public client flows to Yes, but that doesn't solve the problem as expected. The problem is that it's not clear which permissions a non-admin user should have to be used in a release pipeline. – Jovan Kirkov Dec 13 '22 at 08:23
  • It looks like a CAP issue. Are you using any Conditional Access Policy (CAP) in your AAD? If you do, please try disabling CAP to see if it works. – Evelyn Chen-MSFT Dec 15 '22 at 02:04