25,081 questions
Onlye delegated (user but not app) permissions are supported by Azure AD DevOps API. You can keep using PAT's and protect them using Key Vault and Managed Identies.
Using AAD Managed identity to connect to DevOps API
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Mark Middlemist
171
Reputation points
Hi All
We are trying to integrate a part of our system with Azure DevOps, specifically logging Tasks (Bugs, Issues, etc) from our code.
The code is all running in Azure and as standard we use AAD service principles authenticated with Managed Identity to connect to secured entities.
Looking at the documentation around connection methods to the API seems to mean that we would need to stash credentials, probably a PAT at our end, but we would ideally like to keep consistent and use MSI.
If anyone could provide any guidance it would be much appreciated.
All the best
Mark Middlemist
Microsoft Security | Microsoft Entra | Microsoft Entra ID
1 answer
Sort by: Most helpful
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator2020-07-10T18:34:36.44+00:00