Register an agent using a personal access token (PAT)

Specify PAT for authentication type during agent configuration to use a personal access token to authenticate during agent registration, then specify a personal access token (PAT) with Agent Pools (read, manage) scope (or Deployment group (read, manage) scope for a deployment group agent) can be used for agent registration.

A single PAT can be used for registering multiple agents, the PAT is used only at the time of registering the agent, and not for subsequent communication.

To use a PAT with Azure DevOps Server, your server must be configured with HTTPS. See Web site settings and security.

Create a personal access token for agent registration

1. Sign in with the user account you plan to use in your Azure DevOps organization (https://dev.azure.com/{your_organization}).

2. From your home page, open your user settings, and then select Personal access tokens.

   

3. Create a personal access token.

   

4. For the scope select Agent Pools (read, manage) and make sure all the other boxes are cleared. If it's a deployment group agent, for the scope select Deployment group (read, manage) and make sure all the other boxes are cleared.

   Select Show all scopes at the bottom of the Create a new personal access token window window to see the complete list of scopes.

5. Copy the token. You'll use this token when you configure the agent.

Note

When using PAT as the authentication method, the PAT token is used only for the initial configuration of the agent. Learn more at Communication with Azure Pipelines or TFS.

Next steps

• Self-hosted Windows agents
• Self-hosted Linux agents
• Self-hosted macOS agents