Azure DevOps Integration Problem: Allow use of service principals

[hauskens]

Environment

SaaS (https://sentry.io/)

Steps to Reproduce

Due to #77570 we will need to add the integration again, and doing so requires some additional permissions to be approved.
This would normally not be a problem for most users, but organizations can put restrictions on this, which will result in below message:

In my case i am not allowed to get these permissions on my own user, but i can get a App Registrations with these permissions.
It is very common for applications to utilize existing service principals to authenticate by configuring a Client ID, Client Secret and Tenant ID.

I will not be able to connect our sentry environment with Azure Devops if i am not able to use an existing App Registrations to authenticate with due to the permissions that are requested on behalf of my user and my organizations policy.

Expected Result

Allow users to authenticate the integration with App Registrations

Actual Result

See above

Product Area

Settings - Integrations

Link

No response

DSN

No response

Version

No response

[getsantry]

Auto-routing to @getsentry/product-owners-settings-integrations for triage ⏲️

[sentaur-athena]

@hauskens #77570 didn't change the permission requirements of the app. Were you able to install the previous sentry azure installation? or was this an issue with the previous version of our App too?

[hauskens]

@hauskens #77570 didn't change the permission requirements of the app. Were you able to install the previous sentry azure installation? or was this an issue with the previous version of our App too?

Hi @sentaur-athena , this could be correct, I guess we didn't need to re-add the integrations until now, so this may have been a problem for us for a long time undetected.

[sentaur-athena]

@hauskens at the moment we don't support app registrations. I recommend working with Microsoft to get at least a user in your org to have admin access and get unblocked with installing the integration.

[hauskens]

Hi @sentaur-athena , thanks for the swift reply. We have over hundred thousand users in our AD tenant, the admins does not grant such permissions easily directly to users as app registrations is the preferred(and common) way to authenticate applications.

Are there any plans to support app registrations in the future?