Educator Developer Blog

How to login to Azure with GitHub Actions

alfredodeza
Microsoft
Jul 14, 2022

The first step is to create an Azure Service Principal account. You'll need the following:

  1. An Azure subscription ID (find it here) or follow this guide.
  2. A Service Principal with the following details: the AppID, password, and tenant information. Create one with:
     az ad sp create-for-rbac --name "CICD" --role contributor --scopes /subscriptions/$AZURE_SUBSCRIPTION_ID --sdk-auth
     Replace "$AZURE_SUBSCRIPTION_ID" with the ID from step 1.

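Next, in your GitHub repository, add the output of the Service Principal command (it should be a JSON blob) as an Actions secret named AZURE_CREDENTIALS, the name the workflow step below refers to. You do this in your repository Settings. The blob contains the Service Principal's password, so keep it only in the secret.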

Finally, create a GitHub workflow file by going to the "Actions" tab. Make sure you use the Azure login action:

 - uses: azure/login@v1
   with:
     creds: ${{ secrets.AZURE_CREDENTIALS }}

The full running example is in the sample GitHub repository which you can use to get started, or use the YouTube video for a detailed walk-through!
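
Before pasting the Service Principal output into the AZURE_CREDENTIALS secret, it helps to check its shape. The following is an added example, not code from the original post or the sample repository: a Python check that the blob carries the clientId, clientSecret, subscriptionId and tenantId keys printed by `--sdk-auth`, without echoing the secret. The function name `check_azure_credentials` and all sample values are constructed for illustration.

```python
import json
import re

# Keys in the JSON printed by `az ad sp create-for-rbac --sdk-auth`
# that the azure/login `creds` input depends on.
REQUIRED = ("clientId", "clientSecret", "subscriptionId", "tenantId")
GUID_FIELDS = ("clientId", "subscriptionId", "tenantId")
# Key names printed when --sdk-auth is omitted, mapped to the names above.
PLAIN_OUTPUT = {"appId": "clientId", "password": "clientSecret", "tenant": "tenantId"}
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_azure_credentials(blob):
    """Return a list of problems; an empty list means the blob looks usable."""
    # Messages name keys only, so the client secret never reaches a log.
    try:
        data = json.loads(blob)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]

    problems = []
    for key in REQUIRED:
        value = data.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty key: {key}")
        elif key in GUID_FIELDS and not GUID.fullmatch(value.strip()):
            problems.append(f"{key} is not a GUID")
    for old, new in PLAIN_OUTPUT.items():
        if old in data and new not in data:
            problems.append(f"found '{old}' instead of '{new}': created without --sdk-auth")
    return problems


# Constructed sample values, not real credentials.
SAMPLE_OK = json.dumps({
    "clientId": "11111111-1111-1111-1111-111111111111", "clientSecret": "constructed-secret",
    "subscriptionId": "22222222-2222-2222-2222-222222222222",
    "tenantId": "33333333-3333-3333-3333-333333333333",
})
SAMPLE_PLAIN = json.dumps({
    "appId": "11111111-1111-1111-1111-111111111111", "displayName": "CICD",
    "password": "constructed-secret", "tenant": "33333333-3333-3333-3333-333333333333",
})

if __name__ == "__main__":
    for name, blob in (("sdk-auth", SAMPLE_OK), ("plain", SAMPLE_PLAIN)):
        print(name, check_azure_credentials(blob) or "ok")
```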


Updated Jul 14, 2022
Version 1.0
  • Get-Optimal
    Copper Contributor

    Having created the GitHub AZURE_CREDENTIALS secret with the JSON generated by the CLI command, we get this error message.

    (InvalidAuthenticationToken) The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant.

  • Tharun710
    Copper Contributor

    This type of error occurs while a GitHub Action is using AZURE_CREDENTIALS

    Run Azure/aks-set-context@v1

    Error: ***"error":***"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant.