Examine authentication
Azure DevOps users will authenticate against Microsoft Entra ID when accessing the Azure DevOps portal.
After being successfully authenticated, they won't have to provide any credentials to Azure Artifacts itself. The roles for the user, based on its identity, or team and group membership, are for authorization.
When access is allowed, the user can navigate to the Azure Artifacts section of the team project.
The authentication from Azure Pipelines to Azure Artifacts feeds is taken care of transparently. It will be based upon the roles and their permissions for the build identity.
The previous section on Roles covered some details on the required roles for the build identity.
The authentication from inside Azure DevOps doesn't need any credentials for accessing feeds by itself.
However, when accessing secured feeds outside Azure Artifacts, such as other package sources, you most likely must provide credentials to authenticate to the feed manager.
Each package type has its way of handling the credentials and providing access upon authentication. The command-line tooling will provide support in the authentication process.
For the build tasks in Azure Pipelines, you'll provide the credentials via a Service connection.