Edit

Authorize other services to access Azure DevOps

  • Article

Azure DevOps Services

You can authorize other services to access Azure DevOps. The OAuth 2.0 framework provides safe, secure access to your resources. Some of these resources include work items, source code, and build results.

  • A service uses the authorization, bound to your credentials, to access resources in any organization that you have access to.
  • Use your Microsoft account, like me@live.com, or your work account, your account in Microsoft Entra ID - like me@my-workplace.com, to authorize the service.
  • The service that you authorize never has access to your Azure DevOps credentials.
  • Revoke any authorizations that you've granted to other services.

Authorize a service

A typical authorization flow might be similar to the following example:

  1. You're using a service that uses Azure DevOps resources, so the service requests authorization.

  2. If you're not already signed in, Azure DevOps prompts you for your credentials.

    Screenshot of the Visual Studio sign in prompt.

  3. After you've signed in, you get the authorization approval page.

    Screenshot of Accept or Deny buttons for authorization of the application.

    A service can only request full access through the REST APIs, so the authorization request may not be specific.

  4. Review the request and approve the authorization.

  5. The authorized service uses that authorization to access resources in your Azure DevOps organization.

To ensure an authorization request is legitimate, do the following actions:

  • Look for the Azure DevOps branding across the upper portion of the authorization approval page.
  • Ensure the authorization approval page URL begins with https://app.vssps.visualstudio.com/.
  • Pay attention to any HTTPS-related security warnings in your browser.
  • Remember that other services don't ask for your credentials directly. They let you provide them to Azure DevOps through the authorization approval page.

Manage authorizations

View the services that you've authorized to access your organization.

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

  2. Choose User settings, and then choose Profile.

  3. Choose Authorizations.

    Screenshot of profile settings with Authorizations selected.

You can revoke any authorizations so the service can no longer access your organization on your behalf.

Next steps

Set user preferences