You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/deploy-configure-credentials.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Configure Deployment Credentials
2
+
title: Manage Deployment Credentials
3
3
description: Learn about the types of deployment credentials for deploying local apps to Azure App Service and how to configure and use them.
4
4
author: cephalin
5
5
ms.author: cephalin
@@ -9,22 +9,22 @@ ms.date: 06/27/2025
9
9
10
10
---
11
11
12
-
# Configure deployment credentials for Azure App Service
12
+
# Manage deployment credentials for Azure App Service
13
13
14
14
You can deploy local apps to [Azure App Service](overview.md) by using [local Git deployment](deploy-local-git.md) or [FTP/S deployment](deploy-ftp.md). App Service supports two types of credentials for secure local app deployment, *user-scope* and *app-scope* credentials. These credentials are different from your Azure subscription credentials.
15
15
16
-
-**User-scope credentials** provide a user with one set of deployment credentials for their entire Azure account. A user who is granted app access via role-based access control (RBAC) or coadministrator permissions can use their user-level credentials until access is revoked.
You can use your user-scope credentials to deploy any app to App Service via local Git or FTP/S in any subscription that your Azure account has permission to access. Don't share these credentials with other Azure users.
18
+
## Prerequisites
19
19
20
-
-**App-scope credentials** provide one set of credentials per app, which can be used to deploy that app only. The app-scope credentials for each app are generated automatically during app creation and can't be configured manually, but they can be reset anytime.
20
+
To access, set, or reset deployment user credentials, you must have contributor-level permissions on an Azure App Service app that you want to deploy by using local Git or FTP/S.
21
21
22
-
A user must have at least **Contributor** level permissions on an app, including the built-in **Website Contributor** role, to be granted access to app-level credentials via RBAC. **Reader** role can't publish and can't access these credentials.
22
+
<aname="disable-basic-authentication"></a>
23
+
### Basic authentication requirement
23
24
24
-
>[!IMPORTANT]
25
-
>Basic authentication must be enabled to publish via local Git or FTP/S. Basic authentication is less secure than other authentication methods and is disabled by default for new apps. When [basic authentication is disabled](configure-basic-auth-disable.md), you can't view or set deployment credentials in the app's **Deployment Center**.
26
-
>
27
-
>To enable or disable basic authentication, go to the app's **Configuration** page in the Azure portal.
25
+
Basic authentication must be enabled to publish App Service apps via local Git or FTP/S. Both **SCM Basic Auth Publishing Credentials** and **FTP Basic Auth Publishing Credentials** must be set to **On** on the app's **Configuration** page in the Azure portal.
26
+
27
+
Basic authentication is less secure than other authentication methods and is disabled by default for new apps. When basic authentication is disabled, you can't view or set deployment credentials in the app's **Deployment Center** or use these credentials for publishing. For more information, see [Disable basic authentication in Azure App Service deployments](configure-basic-auth-disable.md).
28
28
29
29
<aname="userscope"></a>
30
30
## Set user-scope credentials
@@ -56,7 +56,7 @@ To configure deployment credentials:
56
56
1. Select **Deployment Center** under **Deployment** in the left navigation menu of an app.
57
57
1. If **Local Git** is configured as the build source, select the **Local Git/FTPS credentials** tab. Otherwise, select the **FTPS credentials** tab.
58
58
1. In the **User-scope** section, add a **Username**. For local Git deployments, the user name can't contain the `@` character.
59
-
1. For FTP/S deployments, add and confirm a **Password**. The password must be at least eight characters and contain contain capital letters, lowercase letters, numbers, and symbols.
59
+
1. For FTP/S deployments, add and confirm a **Password**. The password must be at least eight characters and contain capital letters, lowercase letters, numbers, and symbols.
60
60
1. Select **Save**.
61
61
62
62
After you set the credentials, you can see your deployment user name on your app's **Overview** page. If local Git deployment is configured, the label is **Git/deployment username**. Otherwise, the label is **FTP/deployment username**. The page doesn't show the password.
-**User-scope credentials** provide a user with one set of deployment credentials for their entire Azure account. A user who is granted app access via role-based access control (RBAC) or coadministrator permissions can use their user-level credentials until access is revoked.
10
+
11
+
You can use your user-scope credentials to deploy any app to App Service via local Git or FTP/S in any subscription that your Azure account has permission to access. Don't share these credentials with other Azure users.
12
+
13
+
-**App-scope credentials** provide one set of credentials per app, which can be used to deploy that app only. The app-scope credentials for each app are generated automatically during app creation and can't be configured manually, but they can be reset anytime.
14
+
15
+
A user must have at least **Contributor** level permissions on an app, including the built-in **Website Contributor** role, to be granted access to app-level credentials via RBAC. **Reader** role can't publish and can't access these credentials.
0 commit comments